murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html | |
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html | |
https://bugs.debian.org/919249 | Issue Tracking Mailing List Third Party Advisory |
https://github.com/mumble-voip/mumble/issues/3505 | Patch Third Party Advisory |
https://github.com/mumble-voip/mumble/pull/3510 | Patch Third Party Advisory |
https://github.com/mumble-voip/mumble/pull/3512 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html | Third Party Advisory |
https://www.debian.org/security/2019/dsa-4402 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-25T16:00:00
Updated: 2020-01-29T21:06:11
Reserved: 2019-01-25T00:00:00
Link: CVE-2018-20743
JSON object: View
NVD Information
Status : Modified
Published: 2019-01-25T16:29:00.260
Modified: 2019-07-23T18:15:13.847
Link: CVE-2018-20743
JSON object: View
Redhat Information
No data.
CWE