CVE-2013-6483

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.10.8

Description The issue concerns the XMPP protocol plugin in Pidgin, which does not properly verify the consistency between the 'from' address in an IQ reply and the 'to' address in an IQ request. This inconsistency allows remote attackers to spoof IQ traffic or cause a denial of service, resulting in a NULL pointer dereference and application crash via a crafted reply.

Recommendations For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XMPP protocol plugin until a patch is applied.