Lucene search

[email protected]CVE-2008-2957

HistoryJul 01, 2008 - 10:41 p.m.

CVE-2008-2957

2008-07-0122:41:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-2957

upnp

pidgin

remote attack

file download

denial of service

udp packet

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.047

Percentile

92.7%

JSON

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Affected configurations

NVD

Node

pidginpidginMatch2.0.0

VendorProductVersionCPE
pidginpidgin2.0.0cpe:/a:pidgin:pidgin:2.0.0:::

Vendor	Product	Version	CPE
pidgin	pidgin	2.0.0	cpe:/a:pidgin:pidgin:2.0.0:::

References

crisp.cs.du.edu/?q=ca2007-1

secunia.com/advisories/32859

secunia.com/advisories/33102

support.avaya.com/elmodocs2/security/ASA-2008-493.htm

www.mandriva.com/security/advisories?name=MDVSA-2009:025

www.openwall.com/lists/oss-security/2008/06/27/3

www.redhat.com/support/errata/RHSA-2008-1023.html

www.securityfocus.com/bid/29985

www.ubuntu.com/usn/USN-675-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.047

Percentile

92.7%

JSON

Related for CVE-2008-2957

debian2 ubuntucve1 prion1 nvd1 cvelist1 veracode1 debiancve1 openvas14 oraclelinux1 redhat1 nessus8 centos1 gentoo1 ubuntu1