7.5

CVE-2018-20743

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MumbleMumble Version <= 1.2.19
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.63% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html
https://bugs.debian.org/919249
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/mumble-voip/mumble/issues/3505
Patch
Third Party Advisory
https://github.com/mumble-voip/mumble/pull/3510
Patch
Third Party Advisory
https://github.com/mumble-voip/mumble/pull/3512
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html
Third Party Advisory
https://www.debian.org/security/2019/dsa-4402
Third Party Advisory