CVE-2008-3532

Description

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Risk Information

Base Score

6.5

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

3.446

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Pidgin 2.4.3	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-336424	Pidgin (2.14.13)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234