Summary Remote UPnP discovery DoS
Date 2008-05-11
CVE Number CVE-2008-2957
Discovered By Andrew Hunt and Christian Grothoff
Fixed In Release 2.5.0


The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.


UPnP related downloads are limited to 128kB.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site