The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-06T15:00:00

Updated: 2024-08-06T17:39:01.871Z

Reserved: 2013-11-04T00:00:00

Link: CVE-2013-6483

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-02-06T16:10:58.717

Modified: 2024-11-21T01:59:19.060

Link: CVE-2013-6483

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-01-28T00:00:00Z

Links: CVE-2013-6483 - Bugzilla