Pidgin Security Advisory
| Title | Remote UPnP discovery DoS |
| Date | 2007-05-11 |
| CVE Name | CVE-2008-2957 |
| Discovered By | Andrew Hunt and Christian Grothoff |
| Summary | A malicious process could pose as a UPnP server and cause libpurple to download excessive data. |
| Description | The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. |
| Fixed in Version | 2.5.0 |
| Fix | UPnP related downloads are limited to 128kB |
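
The fix above is a size cap on data fetched from a URL that arrives in a discovery packet. As an added illustration (not libpurple's code), the C sketch below aborts a transfer as soon as the body would exceed the cap and discards what was buffered. The names `capped_buf`, `capped_append`, `MAX_UPNP_DOWNLOAD` and `simulate_fetch` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_UPNP_DOWNLOAD (128 * 1024) /* the 128 kB limit named in the Fix row */

/* Hypothetical accumulator for a body fetched from an untrusted URL. */
struct capped_buf { char *data; size_t len, alloc, limit; int failed; };

/* Drop everything received so far and refuse further data. */
static int capped_abort(struct capped_buf *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->alloc = 0;
    b->failed = 1;
    return -1;
}

/* Append one received chunk; 0 on success, -1 if the transfer must stop. */
int capped_append(struct capped_buf *b, const char *chunk, size_t n) {
    if (b->failed) return -1;
    if (n == 0) return 0;
    if (n > b->limit - b->len)        /* subtraction form: len + n cannot wrap */
        return capped_abort(b);
    if (b->len + n > b->alloc) {      /* grow by doubling, never past the limit */
        size_t want = b->alloc < b->limit / 2 ? b->alloc * 2 : b->limit;
        if (want < b->len + n) want = b->len + n;
        char *p = realloc(b->data, want);
        if (!p) return capped_abort(b);
        b->data = p; b->alloc = want;
    }
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

/* Constructed stand-in for a server sending body_len bytes in 1500-byte chunks; -1 = aborted. */
long simulate_fetch(size_t body_len) {
    struct capped_buf b = { NULL, 0, 0, MAX_UPNP_DOWNLOAD, 0 };
    char chunk[1500];
    memset(chunk, 'A', sizeof chunk);
    for (size_t sent = 0; sent < body_len; ) {
        size_t n = body_len - sent < sizeof chunk ? body_len - sent : sizeof chunk;
        if (capped_append(&b, chunk, n) != 0) return -1;
        sent += n;
    }
    free(b.data);
    return (long)b.len;
}
```

The check runs on every chunk as it arrives, so an oversized or never-ending body is rejected without relying on any length the sender declares.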