CVE-2008-2955

Published: Jul 1, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

Affected (1)

Products: Pidgin: Pidgin

Pidgin

1 product

Pidgin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pidgin Pidgin	Version 2.4.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://secunia.com/advisories/30881

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32859

Source: secalert@redhat.com

http://secunia.com/advisories/33102

Source: secalert@redhat.com

http://securityreason.com/securityalert/3966

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:025

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-1023.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/493682/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/29985

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-675-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/1947

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050

Source: secalert@redhat.com

http://secunia.com/advisories/30881