CVE-2014-3756

NONE EPSS 70.8%
Published Nov 16, 2014 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.

Threat Intelligence

EPSS Exploit Probability
70.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-19

Affected Products 11

Vendor   Product   Version   Range
mumble   mumble    1.2.0     any
mumble   mumble    1.2.1     any
mumble   mumble    1.2.2     any
mumble   mumble    1.2.3     any
mumble   mumble    1.2.3     any
mumble   mumble    1.2.3     any
mumble   mumble    1.2.3     any
mumble   mumble    1.2.4     any
mumble   mumble    1.2.4     any
mumble   mumble    1.2.4     any
mumble   mumble    1.2.5     any

References 4

  • mumble.info http://mumble.info/security/Mumble-SA-2014-006.txt
    Vendor Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2014/05/15/1
  • openwall.com http://www.openwall.com/lists/oss-security/2014/05/15/4
  • securityfocus.com http://www.securityfocus.com/bid/67401

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.