CVE-2013-6483

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-6483
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-6483.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2013-6483
Related
Published
2014-02-06T16:10:58Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

References

Affected packages

Debian:11 / pidgin

Package

Name
pidgin
Purl
pkg:deb/debian/pidgin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pidgin

Package

Name
pidgin
Purl
pkg:deb/debian/pidgin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pidgin

Package

Name
pidgin
Purl
pkg:deb/debian/pidgin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}