murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
References
Link | Resource |
---|---|
https://github.com/mumble-voip/mumble/pull/3512 | Patch Third Party Advisory |
https://github.com/mumble-voip/mumble/pull/3510 | Patch Third Party Advisory |
https://github.com/mumble-voip/mumble/issues/3505 | Patch Third Party Advisory |
https://bugs.debian.org/919249 | Issue Tracking Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4402 | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html | |
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html |
Information
Published : 2019-01-25 08:29
Updated : 2019-07-23 11:15
NVD link : CVE-2018-20743
Mitre link : CVE-2018-20743
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
mumble
- mumble