Launchpad CVE tracker

CVE 2008-3532

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Related bugs and status

CVE-2008-3532 (Candidate) is related to these bugs:

Bug #245769: [CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities

Summary				In	Importance	Status
	245769	[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities		pidgin (Ubuntu)	Undecided	Fix Released

Bug #245770: [CVE-2008-2927] MSN integer overflow in Pidgin

		In	Importance	Status
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Ubuntu)	Undecided	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Debian)	Unknown	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Fedora)	Medium	Fix Released

Bug #251304: Pidgin XMPP TLS/SSL Man in the Middle attack

		In	Importance	Status
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Ubuntu)	Undecided	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Debian)	Unknown	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	Pidgin	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-3532

References