Pidgin Security Advisory

TitleRemote UPnP discovery DoS
Date2007-05-11
CVE NameCVE-2008-2957
Discovered ByAndrew Hunt and Christian Grothoff
SummaryA malicious process could pose as a UPnP server and cause libpurple to download excessive data.
DescriptionThe UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
Fixed in Version2.5.0
FixUPnP related downloads are limited to 128kB

Return to Security Advisory Index