CVE-2008-2957: CVE-2008-2957

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-2957

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Pidgin UPnP和Jabber协议处理拒绝服务漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Pidgin是一款跨平台的实时通信客户端，它支持多个常用的实时通信协议，用户可用同一个软件登录不同的实时通信服务。 Pidgin的XML解析器在解析畸形XML文件时存在内存泄露漏洞。不可信任的XML文档是通过UPnP和Jabber协议交换的，而UPnP实现没有限制HTTP下载的大小。由于可通过包含有任意URL的UDP报文触发下载，因此攻击者可以导致Pidgin从网站下载任意大小的文档，耗费带宽资源。仅在有限的环境中才会出现上述两个漏洞： XML内存泄露漏洞要求用户连接到恶意的Jabber服务器，或连接到

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-2957

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-2957

Please Login to view more intelligence information

http://support.avaya.com/elmodocs2/security/ASA-2008-493.htmx_refsource_CONFIRM
http://crisp.cs.du.edu/?q=ca2007-1x_refsource_MISC
http://www.securityfocus.com/bid/29985vdb-entryx_refsource_BID
http://secunia.com/advisories/32859third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33102third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-675-1vendor-advisoryx_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-1023.htmlvendor-advisoryx_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599vdb-entrysignaturex_refsource_OVAL
http://www.openwall.com/lists/oss-security/2008/06/27/3mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2008-2957

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2008-2957

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2008-2957

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-2957

III. Intelligence Information for CVE-2008-2957

New Vulnerabilities

V. Comments for CVE-2008-2957

Leave a comment