Remote DNS Spoofing Vulnerability in Pidgin Messaging Client
CVE-2022-26491

5.9MEDIUM

Key Information:

Vendor

Pidgin

Status
Pidgin
Vendor
CVE Published:
2 June 2022

What is CVE-2022-26491?

A vulnerability in Pidgin prior to version 2.14.9 allows a remote attacker to spoof DNS responses, redirecting client connections to malicious servers. This exploitation can manipulate TLS certificate verification processes, enabling the attacker to gain unauthorized access to XMPP communications and user credentials. The risk is notably similar to other documented vulnerabilities, emphasizing the need for timely updates and security measures to protect user data and privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://mail.jabber.org/pipermail/standards/2022-February...
x_refsource_MISC
https://github.com/xsf/xeps/pull/1158
x_refsource_MISC
https://developer.pidgin.im/wiki/FullChangeLog
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.