CVE-2018-20743 Common Vulnerabilities and Exposures

Upstream information

CVE-2018-20743 at MITRE

Description

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entry: 1123334 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2019:1794-1, published Fri Dec 8 15:48:42 2023
openSUSE-SU-2019:1876-1, published Fri Dec 8 15:48:42 2023
openSUSE-SU-2020:0137-1, published Thu Dec 7 12:55:39 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 12	`mumble >= 1.2.19-9.1` `mumble-32bit >= 1.2.19-lp151.4.6.1` `mumble-server >= 1.2.19-9.1`	Patchnames: openSUSE-2019-1794
SUSE Package Hub 15 SP1	`mumble >= 1.2.19-bp151.6.6.1` `mumble-64bit >= 1.2.19-bp151.6.6.1` `mumble-server >= 1.2.19-bp151.6.6.1`	Patchnames: openSUSE-2019-1876 openSUSE-2020-137
SUSE Package Hub 15	`mumble >= 1.2.19-bp150.3.3.1` `mumble-32bit >= 1.2.19-lp151.4.6.1` `mumble-64bit >= 1.2.19-bp150.3.3.1` `mumble-server >= 1.2.19-bp150.3.3.1`	Patchnames: openSUSE-2019-1794
openSUSE Leap 15.0	`mumble >= 1.2.19-lp150.3.3.1` `mumble-32bit >= 1.2.19-lp150.3.3.1` `mumble-server >= 1.2.19-lp150.3.3.1`	Patchnames: openSUSE-2019-1794
openSUSE Leap 15.1	`mumble >= 1.2.19-lp151.4.6.1` `mumble-32bit >= 1.2.19-lp151.4.6.1` `mumble-server >= 1.2.19-lp151.4.6.1`	Patchnames: openSUSE-2019-1794
openSUSE Tumbleweed	`mumble >= 1.3.4-2.7` `mumble-32bit >= 1.3.4-2.7` `mumble-server >= 1.3.4-2.7`	Patchnames: openSUSE-Tumbleweed-2024-11065

SUSE Timeline for this CVE

CVE page created: Sat Jan 26 16:36:48 2019
CVE page last modified: Tue Sep 3 19:11:15 2024