VDB
CVE-2013-6483
CVE-2013-6483
PUBLISHED
CVSS 6.400000095367432 MEDIUM
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.
EPSS 0.86% · 75.5th percentile
Risk Scores
CVSS 2.0
6.400000095367432
EPSS Score
0.86%
75.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| pidgin | pidgin | 0, 2.0.0, 2.0.1 |
Exploit Intelligence
- Everdoh/CVE-2013-6490 (github-poc)
- Everdoh/CVE-2013-6490 (github-poc)
- Everdoh/CVE-2013-6490 (github-poc)
- Everdoh/CVE-2013-6490 (github-poc)
- openSUSE-SU-2014:0326 (circl)
- RHSA-2014:0139 (circl)
- DSA-2859 (circl)
- openSUSE-SU-2014:0239 (circl)
- USN-2100-1 (circl)
- http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 (circl)
…and 1 more exploits
Timeline
- Jan 28, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- http://www.pidgin.im/news/security/ advisory
- openSUSE-SU-2014:0326 vendor-advisory
- RHSA-2014:0139 vendor-advisory
- DSA-2859 vendor-advisory
- openSUSE-SU-2014:0239 vendor-advisory
- USN-2100-1 vendor-advisory
- http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 url
- http://pidgin.im/news/security/?id=78 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-6483 advisory