CVE-2014-0045
Published Feb 8, 2014
Last updated 8 years ago
Overview
- Description
- The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-189
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.1:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "E3287491-AE9A-4291-ADAB-1343C0387265"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.1:rc1:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "B9C1A613-0F8E-41D7-A6D8-B65B63BBFBEF"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.1.1:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "CAD18E98-4585-48C3-B61D-7AF514D97CB5"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "1751EC48-0639-4443-8F9B-C47AB9B8F48A"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.1:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "0064542D-D994-45D4-8FED-F75D7F313834"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.2:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "3B0B1EEE-CA53-4FCA-978F-F6C12D7D820B"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CCA7868-52D3-4B78-BEDB-9777868220DA"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58AB2649-41DA-47F6-BFF2-151ABB49720B"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.3:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8575927-B679-4C94-8569-E506DFB0FA6B"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumble:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88FED56C-128D-4DE9-A411-FDE610F40047"
},
{
"criteria": "cpe:2.3:a:light_speed_gaming:mumblekit:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AEF9B56-E3B3-4840-8655-401F4554926D"
}
],
"operator": "OR"
}
]
}
]