Launchpad CVE tracker

CVE 2008-2957

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Related bugs and status

CVE-2008-2957 (Candidate) is related to these bugs:

Bug #245769: [CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities

Summary				In	Importance	Status
	245769	[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities		pidgin (Ubuntu)	Undecided	Fix Released

Bug #245770: [CVE-2008-2927] MSN integer overflow in Pidgin

		In	Importance	Status
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Ubuntu)	Undecided	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Debian)	Unknown	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Fedora)	Medium	Fix Released

Bug #251304: Pidgin XMPP TLS/SSL Man in the Middle attack

		In	Importance	Status
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Ubuntu)	Undecided	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Debian)	Unknown	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	Pidgin	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2957

References