CVE-2018-20743

Published: Jan 25, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

Affected (3)

Products: Mumble: Mumble · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mumble Mumble	Up to 1.2.19

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html

Source: cve@mitre.org

https://bugs.debian.org/919249

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

https://github.com/mumble-voip/mumble/issues/3505

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/mumble-voip/mumble/pull/3510

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/mumble-voip/mumble/pull/3512

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4402

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html