Fluid Attacks Database

Description

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pidgin	>=0 <2.4.3-4	2.4.3-4
debian 11	pidgin	>=0 <2.4.3-4	2.4.3-4
debian 12	pidgin	>=0 <2.4.3-4	2.4.3-4
debian 14	pidgin	>=0 <2.4.3-4	2.4.3-4
rpm rhel5	pidgin	<0:2.5.2-6.el5	0:2.5.2-6.el5

Aliases

1. CVE-2008-29572. NVD-2008-29573. OSV-DEBIAN-2008-29574. OSV-2008-29575. SECURITY-TRACKER-CVE-2008-2957

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.