Published: 25/01/2019 Updated: 23/07/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

murmur in Mumble up to and including 1.2.19 prior to 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote malicious users to cause a denial of service (daemon hang or crash) via a message flood.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mumble mumble
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #919249 mumble: CVE-2018-20743: instability and crash due to crafted message flooding Package: mumble; Maintainer for mumble is Christopher Knadle <ChrisKnadle@coredumpus>; Source for mumble is src:mumble (PTS, buildd, popcon) Reported by: Chris Knadle <ChrisKnadle@coredumpus> Date: Mon, ...

It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service For the stable distribution (stretch), this problem has been fixed in version 1218-1+deb9u1 We recommend that you upgrade your mumble packages For the detailed security status of mumble ...

CWE-20 https://github.com/mumble-voip/mumble/pull/3512 https://github.com/mumble-voip/mumble/pull/3510 https://github.com/mumble-voip/mumble/issues/3505 https://bugs.debian.org/919249 https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html https://www.debian.org/security/2019/dsa-4402 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919249 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4402

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-20743

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect