CVE-2008-2955

Current Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

Referenced by CVEs: CVE-2008-2927

Basic Data

Published: July 01, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
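    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Pidgin | Pidgin | 2.4.1 | * | * | * | * | * | * | * | | | | |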

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | 2.4.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 30881 | SECUNIA | http://secunia.com/advisories/30881 | Vendor Advisory |
| 32859 | SECUNIA | http://secunia.com/advisories/32859 | |
| 33102 | SECUNIA | http://secunia.com/advisories/33102 | |
| 3966 | SREASON | http://securityreason.com/securityalert/3966 | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm | CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm | |
| MDVSA-2009:025 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2009:025 | |
| RHSA-2008:1023 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-1023.html | |
| 20080626 Pidgin 2.4.1 Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/493682/100/0/threaded | |
| 29985 | BID | http://www.securityfocus.com/bid/29985 | |
| USN-675-1 | UBUNTU | http://www.ubuntu.com/usn/USN-675-1 | |
| ADV-2008-1947 | VUPEN | http://www.vupen.com/english/advisories/2008/1947 | |
| oval:org.mitre.oval:def:10131 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131 | |
| oval:org.mitre.oval:def:18050 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050 | |