UBUNTU-CVE-2022-26491
- Source
- https://ubuntu.com/security/CVE-2022-26491
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-26491.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-26491
- Upstream
- Published
- 2022-06-02T14:15:00Z
- Modified
- 2026-01-20T19:02:01.920175Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
- References
Affected packages
Ubuntu:14.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.10.9-0ubuntu3.4?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.10.7-0ubuntu4.1
1:2.10.7-0ubuntu4.2
1:2.10.9-0ubuntu1
1:2.10.9-0ubuntu2
1:2.10.9-0ubuntu3
1:2.10.9-0ubuntu3.1
1:2.10.9-0ubuntu3.2
1:2.10.9-0ubuntu3.3
1:2.10.9-0ubuntu3.4
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "libpurple0",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.10.9-0ubuntu3.4"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.10.9-0ubuntu3.4"
}
]
}Ubuntu:16.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.10.12-0ubuntu5.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.10.11-0ubuntu4
1:2.10.11-0ubuntu5
1:2.10.12-0ubuntu1
1:2.10.12-0ubuntu2
1:2.10.12-0ubuntu3
1:2.10.12-0ubuntu4
1:2.10.12-0ubuntu5
1:2.10.12-0ubuntu5.1
1:2.10.12-0ubuntu5.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "libpurple0",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.10.12-0ubuntu5.2"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.10.12-0ubuntu5.2"
}
]
}Ubuntu:18.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.12.0-1ubuntu4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "libpurple0",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.12.0-1ubuntu4"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.12.0-1ubuntu4"
}
]
}Ubuntu:20.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.13.0-2.2ubuntu4?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:2.*
1:2.13.0-2.2ubuntu1
1:2.13.0-2.2ubuntu2
1:2.13.0-2.2ubuntu3
1:2.13.0-2.2ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "libpurple0",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.13.0-2.2ubuntu4"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.13.0-2.2ubuntu4"
}
]
}Ubuntu:22.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.14.8-1ubuntu2.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "libpurple0",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.14.8-1ubuntu2.1"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.14.8-1ubuntu2.1"
}
]
}Ubuntu:24.04:LTS
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.14.13-1ubuntu2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "libpurple0t64",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.14.13-1ubuntu2"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.14.13-1ubuntu2"
}
]
}Ubuntu:25.10
pidgin
Package
- Name
- pidgin
- Purl
- pkg:deb/ubuntu/pidgin@1:2.14.14-1ubuntu2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "finch",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "finch-dev",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "libpurple-bin",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "libpurple-dev",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "libpurple0t64",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "pidgin",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "pidgin-data",
"binary_version": "1:2.14.14-1ubuntu2"
},
{
"binary_name": "pidgin-dev",
"binary_version": "1:2.14.14-1ubuntu2"
}
]
}