Description Huzaifa S. Sidhpurwala
2014-01-23 09:42:53 UTC
It was found that the XMPP protocol plugin in Pidgin does not verify iq replies. The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen as the original reporters of this issue.
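The missing check described in the report, sketched as an added example (not Pidgin's code and not part of the original report): each outgoing iq request records the JID it was addressed to, and a reply is accepted only when its id is pending and its 'from' matches that JID. The names iq_track, iq_accept_reply, own_bare and own_domain are hypothetical, and JIDs are compared as exact strings, which assumes they were normalized beforehand.

```c
#include <string.h>

#define MAX_PENDING 8

/* One outstanding iq request: its id and the JID it was addressed to.
 * to[0] == '\0' means the request carried no 'to' (sent to our own server). */
struct pending_iq { int used; char id[32]; char to[96]; };
static struct pending_iq table[MAX_PENDING];

/* Record a request at send time. Returns 0 on success, -1 if full/invalid. */
int iq_track(const char *id, const char *to) {
    if (!id || strlen(id) >= sizeof table[0].id) return -1;
    if (to && strlen(to) >= sizeof table[0].to) return -1;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (table[i].used) continue;
        table[i].used = 1;
        strcpy(table[i].id, id);
        strcpy(table[i].to, to ? to : "");
        return 0;
    }
    return -1;
}

/* Does the reply's 'from' (may be NULL) match where the request went? */
static int from_matches(const struct pending_iq *p, const char *from,
                        const char *own_bare, const char *own_domain) {
    if (p->to[0] != '\0')
        return from != NULL && strcmp(from, p->to) == 0;
    /* Request had no 'to': accept no 'from', our bare JID, or our server. */
    if (from == NULL) return 1;
    return (own_bare && strcmp(from, own_bare) == 0) ||
           (own_domain && strcmp(from, own_domain) == 0);
}

/* Returns 1 and retires the request if the reply is accepted, else 0.
 * A reply with a known id but the wrong sender is dropped, and the request
 * stays pending so the genuine reply can still be delivered. */
int iq_accept_reply(const char *id, const char *from,
                    const char *own_bare, const char *own_domain) {
    if (!id) return 0;
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending_iq *p = &table[i];
        if (!p->used || strcmp(p->id, id) != 0) continue;
        if (!from_matches(p, from, own_bare, own_domain)) return 0;
        p->used = 0;
        return 1;
    }
    return 0;
}
```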
Comment 1 Huzaifa S. Sidhpurwala
2014-01-27 06:14:25 UTC