CVE-2014-3756
NONE EPSS 70.8%
Published Nov 16, 201411y ago · Modified Jun 17, 20262w ago
Published Nov 16, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.
Threat Intelligence
EPSS Exploit Probability
70.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-19
Affected Products 11
References 4
- mumble.info http://mumble.info/security/Mumble-SA-2014-006.txt
- openwall.com http://www.openwall.com/lists/oss-security/2014/05/15/1
- openwall.com http://www.openwall.com/lists/oss-security/2014/05/15/4
- securityfocus.com http://www.securityfocus.com/bid/67401
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.