Bug#919249: security issue: instability and crash due to crafted message flooding
Tags: security fixed-upstream fixed-in-experimental
It is currently possible to cause mumble-server to freeze and/or crash by
sending specifically it crafted commands, leading to a denial of service.
The server usually automatically recovers, however it has been reported that
in some instances it can take up to an hour after the attack has ended.
The attack can be done remotely and does not need special permissions.
All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are affected.