Lucene search
HistoryFeb 06, 2014 - 4:10 p.m.
CVE-2013-6483
xmpp
libpurple
pidgin
cve-2013-6483
denial of service
remote attackers
nvd
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.019 Low
EPSS
Percentile
88.7%
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
Affected configurations
Node
pidginpidginRange≤2.10.7
ORpidginpidginMatch2.0.0
ORpidginpidginMatch2.0.1
ORpidginpidginMatch2.0.2
ORpidginpidginMatch2.1.0
ORpidginpidginMatch2.1.1
ORpidginpidginMatch2.2.0
ORpidginpidginMatch2.2.1
ORpidginpidginMatch2.2.2
ORpidginpidginMatch2.3.0
ORpidginpidginMatch2.3.1
ORpidginpidginMatch2.4.0
ORpidginpidginMatch2.4.1
ORpidginpidginMatch2.4.2
ORpidginpidginMatch2.4.3
ORpidginpidginMatch2.5.0
ORpidginpidginMatch2.5.1
ORpidginpidginMatch2.5.2
ORpidginpidginMatch2.5.3
ORpidginpidginMatch2.5.4
ORpidginpidginMatch2.5.5
ORpidginpidginMatch2.5.6
ORpidginpidginMatch2.5.7
ORpidginpidginMatch2.5.8
ORpidginpidginMatch2.5.9
ORpidginpidginMatch2.6.0
ORpidginpidginMatch2.6.1
ORpidginpidginMatch2.6.2
ORpidginpidginMatch2.6.3
ORpidginpidginMatch2.6.4
ORpidginpidginMatch2.6.5
ORpidginpidginMatch2.6.6
ORpidginpidginMatch2.7.0
ORpidginpidginMatch2.7.1
ORpidginpidginMatch2.7.2
ORpidginpidginMatch2.7.3
ORpidginpidginMatch2.7.4
ORpidginpidginMatch2.7.5
ORpidginpidginMatch2.7.6
ORpidginpidginMatch2.7.7
ORpidginpidginMatch2.7.8
ORpidginpidginMatch2.7.9
ORpidginpidginMatch2.7.10
ORpidginpidginMatch2.7.11
ORpidginpidginMatch2.8.0
ORpidginpidginMatch2.9.0
ORpidginpidginMatch2.10.0
ORpidginpidginMatch2.10.1
ORpidginpidginMatch2.10.2
ORpidginpidginMatch2.10.3
ORpidginpidginMatch2.10.4
ORpidginpidginMatch2.10.5
ORpidginpidginMatch2.10.6
References
Related
prion
prion
Null pointer dereference
2014-02-06 16:10:00
cvelist
cvelist
CVE-2013-6483
2014-02-06 15:00:00
nvd
nvd
CVE-2013-6483
2014-02-06 16:10:58
debiancve
debiancve
CVE-2013-6483
2014-02-06 16:10:58
ubuntucve
ubuntucve
CVE-2013-6483
2014-02-05 00:00:00
openvas
openvas
Debian Security Advisory DSA 2859-1 (pidgin - several vulnerabilities)
2014-02-10 00:00:00
Debian: Security Advisory (DSA-2859-2)
2014-02-09 00:00:00
Ubuntu Update for pidgin USN-2100-1
2014-02-11 00:00:00
osv
osv
pidgin - security update
2014-02-10 00:00:00
pidgin - several
2014-02-10 00:00:00
debian
debian
[BSA-092] Security Update for pidgin
2014-02-22 11:36:11
[SECURITY] [DSA 2859-1] pidgin security update
2014-02-10 17:30:06
nessus
nessus
openSUSE Security Update : pidgin / pidgin-branding-openSUSE (openSUSE-SU-2014:0239-1)
2014-06-13 00:00:00
Debian DSA-2859-1 : pidgin - several vulnerabilities
2014-02-12 00:00:00
RHEL 5 / 6 : pidgin (RHSA-2014:0139)
2014-02-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:12
Denial Of Service (DoS)
2019-05-02 05:01:11
Out-Of-Bounds Write
2019-05-02 05:01:11
kaspersky
kaspersky
KLA10433 Multiple vulnerabilities in Pidgin
2014-06-02 00:00:00
redhat
redhat
(RHSA-2014:0139) Moderate: pidgin security update
2014-02-05 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2014-02-06 00:00:00
securityvulns
securityvulns
libgadu / libpurple / Pidgin multiple security vulnerabilities
2014-02-10 00:00:00
oraclelinux
oraclelinux
pidgin security update
2014-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: pidgin-2.10.9-1.fc20
2014-02-06 03:50:31
[SECURITY] Fedora 19 Update: pidgin-2.10.9-1.fc19
2014-02-14 08:00:10
mageia
mageia
Updated pidgin package fixes security vulnerabilities
2014-02-05 19:31:44
centos
centos
finch, libpurple, pidgin security update
2014-02-05 19:41:13
slackware
slackware
pidgin
2014-02-03 13:58:20
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2014-05-18 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.2 Medium
AI Score
Confidence
Low
0.019 Low
EPSS
Percentile
88.7%
Related for CVE-2013-6483