{
  "threat_severity" : "Moderate",
  "public_date" : "2014-01-28T00:00:00Z",
  "bugzilla" : {
    "description" : "pidgin: Possible spoofing using iq replies in XMPP protocol plugin",
    "id" : "1056978",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1056978"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-290",
  "details" : [ "The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply." ],
  "acknowledgement" : "Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Christian Wressnegger (University of Goettingen) and Fabian Yamaguchi as the original reporters.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-02-05T00:00:00Z",
    "advisory" : "RHSA-2014:0139",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "pidgin-0:2.6.6-32.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-02-05T00:00:00Z",
    "advisory" : "RHSA-2014:0139",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "pidgin-0:2.7.9-27.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "pidgin",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-6483\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6483\nhttp://pidgin.im/news/security/?id=78" ],
  "name" : "CVE-2013-6483",
  "csaw" : false
}