CVE-2013-6483: Input Validation

First published: Thu Feb 06 2014(Updated: )

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Pidgin Pidgin	<=2.10.7
Pidgin Pidgin	=2.0.0
Pidgin Pidgin	=2.0.1
Pidgin Pidgin	=2.0.2
Pidgin Pidgin	=2.1.0
Pidgin Pidgin	=2.1.1
Pidgin Pidgin	=2.2.0
Pidgin Pidgin	=2.2.1
Pidgin Pidgin	=2.2.2
Pidgin Pidgin	=2.3.0
Pidgin Pidgin	=2.3.1
Pidgin Pidgin	=2.4.0
Pidgin Pidgin	=2.4.1
Pidgin Pidgin	=2.4.2
Pidgin Pidgin	=2.4.3
Pidgin Pidgin	=2.5.0
Pidgin Pidgin	=2.5.1
Pidgin Pidgin	=2.5.2
Pidgin Pidgin	=2.5.3
Pidgin Pidgin	=2.5.4
Pidgin Pidgin	=2.5.5
Pidgin Pidgin	=2.5.6
Pidgin Pidgin	=2.5.7
Pidgin Pidgin	=2.5.8
Pidgin Pidgin	=2.5.9
Pidgin Pidgin	=2.6.0
Pidgin Pidgin	=2.6.1
Pidgin Pidgin	=2.6.2
Pidgin Pidgin	=2.6.3
Pidgin Pidgin	=2.6.4
Pidgin Pidgin	=2.6.5
Pidgin Pidgin	=2.6.6
Pidgin Pidgin	=2.7.0
Pidgin Pidgin	=2.7.1
Pidgin Pidgin	=2.7.2
Pidgin Pidgin	=2.7.3
Pidgin Pidgin	=2.7.4
Pidgin Pidgin	=2.7.5
Pidgin Pidgin	=2.7.6
Pidgin Pidgin	=2.7.7
Pidgin Pidgin	=2.7.8
Pidgin Pidgin	=2.7.9
Pidgin Pidgin	=2.7.10
Pidgin Pidgin	=2.7.11
Pidgin Pidgin	=2.8.0
Pidgin Pidgin	=2.9.0
Pidgin Pidgin	=2.10.0
Pidgin Pidgin	=2.10.1
Pidgin Pidgin	=2.10.2
Pidgin Pidgin	=2.10.3
Pidgin Pidgin	=2.10.4
Pidgin Pidgin	=2.10.5
Pidgin Pidgin	=2.10.6

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/last-modified-date
agent/tags
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/pidgin
canonical/pidgin pidgin
version/pidgin pidgin/2.10.7
version/pidgin pidgin/2.0.0
version/pidgin pidgin/2.0.1
version/pidgin pidgin/2.0.2
version/pidgin pidgin/2.1.0
version/pidgin pidgin/2.1.1
version/pidgin pidgin/2.2.0
version/pidgin pidgin/2.2.1
version/pidgin pidgin/2.2.2
version/pidgin pidgin/2.3.0
version/pidgin pidgin/2.3.1
version/pidgin pidgin/2.4.0
version/pidgin pidgin/2.4.1
version/pidgin pidgin/2.4.2
version/pidgin pidgin/2.4.3
version/pidgin pidgin/2.5.0
version/pidgin pidgin/2.5.1
version/pidgin pidgin/2.5.2
version/pidgin pidgin/2.5.3
version/pidgin pidgin/2.5.4
version/pidgin pidgin/2.5.5
version/pidgin pidgin/2.5.6
version/pidgin pidgin/2.5.7
version/pidgin pidgin/2.5.8
version/pidgin pidgin/2.5.9
version/pidgin pidgin/2.6.0
version/pidgin pidgin/2.6.1
version/pidgin pidgin/2.6.2
version/pidgin pidgin/2.6.3
version/pidgin pidgin/2.6.4
version/pidgin pidgin/2.6.5
version/pidgin pidgin/2.6.6
version/pidgin pidgin/2.7.0
version/pidgin pidgin/2.7.1
version/pidgin pidgin/2.7.2
version/pidgin pidgin/2.7.3
version/pidgin pidgin/2.7.4
version/pidgin pidgin/2.7.5
version/pidgin pidgin/2.7.6
version/pidgin pidgin/2.7.7
version/pidgin pidgin/2.7.8
version/pidgin pidgin/2.7.9
version/pidgin pidgin/2.7.10
version/pidgin pidgin/2.7.11
version/pidgin pidgin/2.8.0
version/pidgin pidgin/2.9.0
version/pidgin pidgin/2.10.0
version/pidgin pidgin/2.10.1
version/pidgin pidgin/2.10.2
version/pidgin pidgin/2.10.3
version/pidgin pidgin/2.10.4
version/pidgin pidgin/2.10.5
version/pidgin pidgin/2.10.6

CVE-2013-6483: Input Validation

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact