CVE-2014-3756 — Mumble vulnerability
Severity
5.0 MEDIUM (NVD)
EPSS
0.6%
top 30.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 16
Latest update: May 17
Description
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 3 packages
Vulnerability Details (2)
Vendor Advisories (1)
Debian
CVE-2014-3756: mumble - The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loa... (2014)
Community (1)
Bugzilla
CVE-2014-3756 mumble: Mumble-SA-2014-006 - DoS (hang and/or resource exhaustion) on a Mumble client by causing it to load external files via the HTML (2014-05-15)