CVE-2009-3026

N/A Unknown
Published: August 31, 2009 Modified: April 23, 2026
View on NVD

Description

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891
Source: cve@mitre.org
http://developer.pidgin.im/ticket/8131
Source: cve@mitre.org
http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
Source: cve@mitre.org
Patch
http://secunia.com/advisories/37071
Source: cve@mitre.org
http://www.openwall.com/lists/oss-security/2009/08/24/2
Source: cve@mitre.org
http://www.securityfocus.com/bid/36368
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/53000
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757
Source: cve@mitre.org
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891
Source: af854a3a-2127-422b-91ae-364da2661108
http://developer.pidgin.im/ticket/8131
Source: af854a3a-2127-422b-91ae-364da2661108
http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/37071
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2009/08/24/2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/36368
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/53000
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757
Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
67th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

pidgin

Related CVEs

CVE-2026-7073 7.3
CVE-2026-7072 7.3
CVE-2026-7071 5.3
CVE-2026-7070 7.3
CVE-2026-7069 8.0