| Summary | Remote UPnP discovery DoS |
|---|---|
| Date | 2008-05-11 |
| CVE Number | CVE-2008-2957 |
| Discovered By | Andrew Hunt and Christian Grothoff |
| Fixed In Release | 2.5.0 |
The UPnP functionality in libpurple allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
UPnP related downloads are limited to 128kB.