CVE-2013-6483 (retired)

Priority
Description
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not
properly determine whether the from address in an iq reply is consistent
with the to address in an iq request, which allows remote attackers to
spoof iq traffic or cause a denial of service (NULL pointer dereference and
application crash) via a crafted reply.
Notes
 mdeslaur> this introduced a regression, which was fixed in 2.10.9:
 mdeslaur> https://developer.pidgin.im/ticket/15879
Assigned-to
mdeslaur
More Information

Updated: 2019-08-23 08:58:39 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)