CVE-2008-3532
EPSS 3.4%
Description
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
How to fix CVE-2008-3532
To remediate CVE-2008-3532, upgrade the affected package to a fixed version below.
- Debian/pidgin—upgrade to 2.4.3-2 or later
Is CVE-2008-3532 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.4.3-2