CVE-2013-6483: Improper Input Validation in Pidgin

Severity: 6.4 MEDIUM (NVD)
EPSS: 0.9% (top 24.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 6
Latest update: May 17

Description

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (3 packages)

debian | debian/pidgin | < pidgin 2.10.8-1 (bookworm)
Debian | pidgin/pidgin | < 2.10.8-1 | +3
NVD | pidgin/pidgin | 2.10.7 | +52

🔴 Vulnerability Details (2)

GHSA
GHSA-7hf8-wq8c-mrxp: The XMPP protocol plugin in libpurple in Pidgin before 2 (2022-05-17)
OSV
CVE-2013-6483: The XMPP protocol plugin in libpurple in Pidgin before 2 (2014-02-06)

📋 Vendor Advisories (3)

Ubuntu
Pidgin vulnerabilities (2014-02-06)
Red Hat
pidgin: Possible spoofing using iq replies in XMPP protocol plugin (2014-01-28)
Debian
CVE-2013-6483: pidgin - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly ... (2013)

💬 Community (2)

Bugzilla
CVE-2013-6483 CVE-2013-6482 CVE-2013-6481 CVE-2013-6487 CVE-2013-6485 CVE-2013-6484 CVE-2013-6489 CVE-2014-0020 CVE-2013-6477 CVE-2012-6152 CVE-2013-6478 CVE-2013-6479 CVE-2013-6490 pidgin: various fl (2014-01-29)
Bugzilla
CVE-2013-6483 pidgin: Possible spoofing using iq replies in XMPP protocol plugin (2014-01-23)