Bug#919249: security issue: instability and crash due to crafted message flooding

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Bug#919249: security issue: instability and crash due to crafted message flooding

Chris Knadle
Package: mumble
Version: 1.2.19-3
Severity: important
Tags: security fixed-upstream fixed-in-experimental


It is currently possible to cause mumble-server to freeze and/or crash by
sending specifically it crafted commands, leading to a denial of service.
The server usually automatically recovers, however it has been reported that
in some instances it can take up to an hour after the attack has ended.
The attack can be done remotely and does not need special permissions.

All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are affected.


signature.asc (849 bytes) Download Attachment