AI Score: 8.3 High (Confidence: High)

CVSS2: 6.8 Medium, vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE
Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL

EPSS: 0.107 Low (Percentile: 95.0%)

It was discovered that Pidgin did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a specially
crafted message and possibly execute arbitrary code with user privileges.
(CVE-2008-2927)

It was discovered that Pidgin did not properly handle file transfers containing
a long filename and special characters in the MSN protocol handler. A remote
attacker could send a specially crafted filename in a file transfer request
and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)

It was discovered that Pidgin did not impose resource limitations in the UPnP
service. A remote attacker could cause Pidgin to download arbitrary files
and cause a denial of service from memory or disk space exhaustion.
(CVE-2008-2957)

It was discovered that Pidgin did not validate SSL certificates when using a
secure connection. If a remote attacker were able to perform a
machine-in-the-middle attack, this flaw could be exploited to view sensitive
information. This update alters Pidgin behaviour by asking users to confirm
the validity of a certificate upon initial login. (CVE-2008-3532)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | pidgin | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | finch | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpurple0 | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | pidgin-dbg | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | pidgin | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | finch | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | libpurple0 | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | pidgin-dbg | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |