Lucene search

RedhatCVE-2013-6483

HistoryFeb 06, 2014 - 4:10 p.m.

CVE-2013-6483

2014-02-0616:10:58

CWE-20

redhat

web.nvd.nist.gov

xmpp

libpurple

pidgin

cve-2013-6483

denial of service

remote attackers

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.019

Percentile

88.7%

JSON

The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.

Affected configurations

Nvd

Node

pidginpidginRange≤2.10.7

pidginpidginMatch2.0.0

pidginpidginMatch2.0.1

pidginpidginMatch2.0.2

pidginpidginMatch2.1.0

pidginpidginMatch2.1.1

pidginpidginMatch2.2.0

pidginpidginMatch2.2.1

pidginpidginMatch2.2.2

pidginpidginMatch2.3.0

pidginpidginMatch2.3.1

pidginpidginMatch2.4.0

pidginpidginMatch2.4.1

pidginpidginMatch2.4.2

pidginpidginMatch2.4.3

pidginpidginMatch2.5.0

pidginpidginMatch2.5.1

pidginpidginMatch2.5.2

pidginpidginMatch2.5.3

pidginpidginMatch2.5.4

pidginpidginMatch2.5.5

pidginpidginMatch2.5.6

pidginpidginMatch2.5.7

pidginpidginMatch2.5.8

pidginpidginMatch2.5.9

pidginpidginMatch2.6.0

pidginpidginMatch2.6.1

pidginpidginMatch2.6.2

pidginpidginMatch2.6.3

pidginpidginMatch2.6.4

pidginpidginMatch2.6.5

pidginpidginMatch2.6.6

pidginpidginMatch2.7.0

pidginpidginMatch2.7.1

pidginpidginMatch2.7.2

pidginpidginMatch2.7.3

pidginpidginMatch2.7.4

pidginpidginMatch2.7.5

pidginpidginMatch2.7.6

pidginpidginMatch2.7.7

pidginpidginMatch2.7.8

pidginpidginMatch2.7.9

pidginpidginMatch2.7.10

pidginpidginMatch2.7.11

pidginpidginMatch2.8.0

pidginpidginMatch2.9.0

pidginpidginMatch2.10.0

pidginpidginMatch2.10.1

pidginpidginMatch2.10.2

pidginpidginMatch2.10.3

pidginpidginMatch2.10.4

pidginpidginMatch2.10.5

pidginpidginMatch2.10.6

VendorProductVersionCPE
pidginpidgin*cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
pidginpidgin2.0.0cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
pidginpidgin2.0.1cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
pidginpidgin2.0.2cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
pidginpidgin2.1.0cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
pidginpidgin2.1.1cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
pidginpidgin2.2.0cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
pidginpidgin2.2.1cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
pidginpidgin2.2.2cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
pidginpidgin2.3.0cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pidgin	pidgin	*	cpe:2.3:a:pidgin:pidgin::::::::
pidgin	pidgin	2.0.0	cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
pidgin	pidgin	2.0.1	cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
pidgin	pidgin	2.0.2	cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
pidgin	pidgin	2.1.0	cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
pidgin	pidgin	2.1.1	cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
pidgin	pidgin	2.2.0	cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
pidgin	pidgin	2.2.1	cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
pidgin	pidgin	2.2.2	cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
pidgin	pidgin	2.3.0	cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*