CVE-2008-2956

EUVD-2008-2946
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
pidginpidgin
2.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pidgin
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gaim
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
pidgin
dapper
dne
feisty
dne
hardy
ignored
intrepid
ignored
jaunty
ignored
Common Weakness Enumeration
References
http://crisp.cs.du.edu/?q=ca2007-1
http://secunia.com/advisories/31387
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.openwall.com/lists/oss-security/2008/06/27/3
http://www.securityfocus.com/archive/1/495165/100/0/threaded
http://www.securityfocus.com/bid/29985
https://issues.rpath.com/browse/RPL-2647
http://crisp.cs.du.edu/?q=ca2007-1
http://secunia.com/advisories/31387
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.openwall.com/lists/oss-security/2008/06/27/3
http://www.securityfocus.com/archive/1/495165/100/0/threaded
http://www.securityfocus.com/bid/29985
https://issues.rpath.com/browse/RPL-2647