6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.019 Low
EPSS
Percentile
88.7%
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not
properly determine whether the from address in an iq reply is consistent
with the to address in an iq request, which allows remote attackers to
spoof iq traffic or cause a denial of service (NULL pointer dereference and
application crash) via a crafted reply.
Author | Note |
---|---|
mdeslaur | this introduced a regression, which was fixed in 2.10.9: https://developer.pidgin.im/ticket/15879 |