CVE-2008-3532 : The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, wh

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Published 2008-08-08 19:41:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2008-3532

Pidgin » Pidgin » Version: 2.4.3
cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3532

EPSS FAQ

3.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3532

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-3532

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3532

http://secunia.com/advisories/33102

About Secunia Research | Flexera

CVEs referencing this url
http://www.ubuntu.com/usn/USN-675-1

USN-675-1: Pidgin vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-1023.html

Support

CVEs referencing this url
http://developer.pidgin.im/ticket/6500

NSS plugin doesn't verify SSL certificates : PIDGIN-6500
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025

Mandriva

CVEs referencing this url
http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch

404 Not Found
http://www.securityfocus.com/bid/30553
http://www.vupen.com/english/advisories/2008/2318

Site en construction
http://secunia.com/advisories/32859

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/44220

Pidgin SSL spoofing CVE-2008-3532 Vulnerability Report
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

#492434 - pidgin: Connects to Jabber server with bad SSL certificates without warning (CVE-2008-3532) - Debian Bug report logs
http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch

404 Not Found
Exploit
http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm

ASA-2008-493 (RHSA-2008-1023)

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327

404 Not Found
http://secunia.com/advisories/31390

About Secunia Research | Flexera

Jump to

Vulnerability Details : CVE-2008-3532

Products affected by CVE-2008-3532

Exploit prediction scoring system (EPSS) score for CVE-2008-3532

CVSS scores for CVE-2008-3532

CWE ids for CVE-2008-3532

References for CVE-2008-3532