Summary Remote UPnP discovery DoS
Date 2008-05-11
CVE Number CVE-2008-2957
Discovered By Andrew Hunt and Christian Grothoff
Fixed In Release 2.5.0


The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.


UPnP related downloads are limited to 128kB.

Looking to reach us via XMPP? Check out the new PidginChat service!