CVE-2008-2956 — Missing Release of Memory after Effective Lifetime in Pidgin

CWE-399 CWE-401 — Missing Release of Memory after Effective Lifetime6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedJul 1

Latest updateMay 1

Description

Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDpidgin/pidgin2.0.0

▶debiandebian/pidgin

🔴Vulnerability Details

GHSA

GHSA-f69j-274h-2m7w: ** DISPUTED ** Memory leak in Pidgin 2↗2022-05-01

▶

OSV

CVE-2008-2956: Memory leak in Pidgin 2↗2008-07-01

▶

📋Vendor Advisories

Debian

CVE-2008-2956: pidgin - Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attacker...↗2008

▶

Red Hat

pidgin: memory leak in XML parser↗2007-05-11

▶

💬Community

Bugzilla

CVE-2008-2956 pidgin: memory leak in XML parser↗2008-07-02

▶