Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2955 — Improper Input Validation in Pidgin

CWE-20 — Improper Input Validation CWE-190 — Integer Overflow or Wraparound CWE-18914 documents8 sources

Severity

6.8MEDIUMNVD

NVD4.3OSV4.3

EPSS

17.7%

top 4.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Pidgin Debian Pidgin Adium

Timeline

PublishedJul 1

Latest updateMay 1

Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/pidgin< pidgin 2.4.3-1 (bookworm)

▶Debianpidgin/pidgin< 2.4.3-1+3

▶NVDpidgin/pidgin2.4.2+12

▶NVDadium/adium1.2.7+11

🔴Vulnerability Details

GHSA

GHSA-573h-wp83-cr6f: Pidgin 2↗2022-05-01

▶

GHSA

GHSA-xgwj-qm2p-hcpc: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2022-05-01

▶

OSV

CVE-2008-2927: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink↗2008-07-07

▶

OSV

CVE-2008-2955: Pidgin 2↗2008-07-01

▶

💥Exploits & PoCs

Exploit-DB

Pidgin 2.4.2 - 'msn_slplink_process_msg()' Denial of Service↗2009-01-26

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2010-01-18

▶

Ubuntu

Pidgin vulnerabilities↗2008-11-24

▶

Red Hat

pidgin MSN integer overflow↗2008-07-04

▶

Red Hat

pidgin: remote DoS via MSN message with crafted file name↗2008-06-28

▶

Debian

CVE-2008-2927: pidgin - Multiple integer overflows in the msn_slplink_process_msg functions in the MSN p...↗2008

▶

💬Community

Bugzilla

CVE-2008-2955 pidgin: remote DoS via MSN message with crafted file name↗2008-07-02

▶