CVE-2008-3532

🗓️ 08 Aug 2008 19:00:00Reported by redhatType

NSS plugin in libpurple in Pidgin 2.4.3 doesn't verify SSL certificates, enabling acceptance of invalid server certificates.

Reporter	Title	Published	Views	Family All 46
Tenable Nessus	CentOS 4 / 5 : pidgin (CESA-2008:1023)	23 Dec 200800:00	–	nessus
Tenable Nessus	GLSA-200901-13 : Pidgin: Multiple vulnerabilities	21 Jan 200900:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : pidgin (MDVSA-2009:025)	23 Apr 200900:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)	7 Dec 200900:00	–	nessus
Tenable Nessus	Oracle Linux 4 : pidgin (ELSA-2008-1023)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 4 / 5 : pidgin (RHSA-2008:1023)	16 Dec 200800:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64	1 Aug 201200:00	–	nessus
Tenable Nessus	openSUSE Security Update : finch (finch-188)	21 Jul 200900:00	–	nessus
Tenable Nessus	SuSE 10 Security Update : pidgin, gaim and finch (ZYPP Patch Number 5573)	27 Jan 201100:00	–	nessus
Tenable Nessus	openSUSE 10 Security Update : finch (finch-5592)	14 Sep 200800:00	–	nessus

NVD

Node

Source	Link
vupen	www.vupen.com/english/advisories/2008/2318
developer	www.developer.pidgin.im/ticket/6500
secunia	www.secunia.com/advisories/32859
oval	www.oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327
redhat	www.redhat.com/support/errata/RHSA-2008-1023.html
mandriva	www.mandriva.com/security/advisories
ubuntu	www.ubuntu.com/usn/USN-675-1
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/44220
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
developer	www.developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch

23 Apr 2026 00:35Current

6.1Medium risk

Vulners AI Score6.1

CVSS 26.8

EPSS0.03446