Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3756

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.

Published

2014-11-16T11:59:03.887

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-19
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mumble mumble 1.2.0 Yes
Application mumble mumble 1.2.1 Yes
Application mumble mumble 1.2.2 Yes
Application mumble mumble 1.2.3 Yes
Application mumble mumble 1.2.3 Yes
Application mumble mumble 1.2.3 Yes
Application mumble mumble 1.2.3 Yes
Application mumble mumble 1.2.4 Yes
Application mumble mumble 1.2.4 Yes
Application mumble mumble 1.2.4 Yes
Application mumble mumble 1.2.5 Yes
References