Launchpad CVE tracker

CVE 2008-2955

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

Related bugs and status

CVE-2008-2955 (Candidate) is related to these bugs:

Bug #245769: [CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities

Summary				In	Importance	Status
	245769	[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities		pidgin (Ubuntu)	Undecided	Fix Released

Bug #245770: [CVE-2008-2927] MSN integer overflow in Pidgin

		In	Importance	Status
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Ubuntu)	Undecided	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Debian)	Unknown	Fix Released
245770	[CVE-2008-2927] MSN integer overflow in Pidgin	pidgin (Fedora)	Medium	Fix Released

Bug #251304: Pidgin XMPP TLS/SSL Man in the Middle attack

		In	Importance	Status
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Ubuntu)	Undecided	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	pidgin (Debian)	Unknown	Fix Released
251304	Pidgin XMPP TLS/SSL Man in the Middle attack	Pidgin	Unknown	Fix Released

Bug #494002: [hardy] Failing to connect to MSN with 'protocol is not supported' error

		In	Importance	Status
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	pidgin (Ubuntu)	Undecided	Fix Released
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	Pidgin	Unknown	Unknown
494002	[hardy] Failing to connect to MSN with 'protocol is not supported' error	pidgin (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2955

References