Lucene search

[email protected]CVE-2008-2957

HistoryJul 01, 2008 - 10:41 p.m.

CVE-2008-2957

2008-07-0122:41:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-2957

upnp

pidgin

remote attack

file download

denial of service

udp packet

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.4%

JSON

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Affected configurations

NVD

Node

pidginpidginMatch2.0.0

CPENameOperatorVersion
pidgin:pidginpidgineq2.0.0

CPE	Name	Operator	Version
pidgin:pidgin	pidgin	eq	2.0.0

References

crisp.cs.du.edu/?q=ca2007-1

secunia.com/advisories/32859

secunia.com/advisories/33102

support.avaya.com/elmodocs2/security/ASA-2008-493.htm

www.mandriva.com/security/advisories?name=MDVSA-2009:025

www.openwall.com/lists/oss-security/2008/06/27/3

www.redhat.com/support/errata/RHSA-2008-1023.html

www.securityfocus.com/bid/29985

www.ubuntu.com/usn/USN-675-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2008-2957

prion1 nvd1 ubuntucve1 debian2 veracode1 debiancve1 cvelist1 oraclelinux1 redhat1 openvas14 nessus8 centos1 gentoo1 ubuntu1