Description
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 5 | |||
| pidgin-0:2.6.6-32.el5 | cpe:/o:redhat:enterprise_linux:5 | RHSA-2014:0139 | 2014-02-05T00:00:00Z |
| Red Hat Enterprise Linux 6 | |||
| pidgin-0:2.7.9-27.el6 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2014:0139 | 2014-02-05T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-2859-1 | pidgin security update |
 EUVD |
EUVD-2013-6286 | The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. |
 Ubuntu USN |
USN-2100-1 | Pidgin vulnerabilities |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T17:39:01.871Z
Reserved: 2013-11-04T00:00:00.000Z
Link: CVE-2013-6483
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-02-06T16:10:58.717
Modified: 2025-04-11T00:51:21.963
Link: CVE-2013-6483
Redhat
OpenCVE Enrichment
No data.