CVE-2008-3532 — Pidgin vulnerability

CWE-3107 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

3.4%

top 12.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pidgin Debian Pidgin

Timeline

PublishedAug 8

Latest updateMay 2

Description

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/pidgin< pidgin 2.4.3-2 (bookworm)

▶Debianpidgin/pidgin< 2.4.3-2+3

▶NVDpidgin/pidgin2.4.3

Patches

Patch: developer.pidgin.im ↗Patch: developer.pidgin.im ↗

🔴Vulnerability Details

GHSA

GHSA-ww4m-hgqp-q9hp: The NSS plugin in libpurple in Pidgin 2↗2022-05-02

▶

OSV

CVE-2008-3532: The NSS plugin in libpurple in Pidgin 2↗2008-08-08

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerabilities↗2008-11-24

▶

Red Hat

pidgin: NSS plugin doesn't verify SSL certificates↗2008-07-28

▶

Debian

CVE-2008-3532: pidgin - The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, wh...↗2008

▶

💬Community

Bugzilla

CVE-2008-3532 pidgin: NSS plugin doesn't verify SSL certificates↗2008-08-05

▶