PT-2014-4365 · Mumble · Mumblekit+1
Published 2014-02-08 · Updated 2014-02-10 · CVE-2014-1916
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
MumbleKit versions prior to commit fd190328a9b24d37382b269a5674b0c0c7a7e36d
Mumble for iOS versions 1.1 through 1.2.2
Description
The issue concerns the opus_packet_get_nb_frames and opus_packet_get_samples_per_frame functions in the client, which do not properly check the return value of the copyDataBlock method. This allows remote attackers to cause a denial of service via a crafted length prefix value in an Opus voice packet, resulting in a NULL pointer dereference and crash.
Recommendations
For MumbleKit versions prior to commit fd190328a9b24d37382b269a5674b0c0c7a7e36d, update to a version that includes the fix.
For Mumble for iOS versions 1.1 through 1.2.2, update to a version that includes the fix.
As a temporary workaround, consider restricting the use of Opus voice packets until a patch is available.
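The missing check from the description, shown as an added C example that is not MumbleKit's code or its fix. The one-byte length prefix, the `stream_t` reader and the names `copy_data_block`, `toc_frame_count` and `frames_in_voice_packet` are assumptions made for illustration; the frame-count rule follows the Opus TOC byte layout in RFC 6716.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stream layout (simplified): [1-byte length][payload]. */
typedef struct { const uint8_t *buf; size_t len, off; } stream_t;

/* Returns a heap copy of the next block, or NULL when the declared length
 * is zero or exceeds the bytes actually left (the crafted-prefix case). */
static uint8_t *copy_data_block(stream_t *s, size_t *out_len) {
    if (s->off >= s->len) return NULL;
    size_t want = s->buf[s->off];
    if (want == 0 || want > s->len - s->off - 1) return NULL;
    uint8_t *p = malloc(want);
    if (p == NULL) return NULL;
    memcpy(p, s->buf + s->off + 1, want);
    s->off += 1 + want;
    *out_len = want;
    return p;
}

/* Frame count from the Opus TOC byte (RFC 6716, section 3.1). Like a
 * decoder routine, it dereferences pkt and relies on the caller for that. */
static int toc_frame_count(const uint8_t *pkt, size_t len) {
    if (len < 1) return -1;
    switch (pkt[0] & 0x3) {
    case 0:  return 1;                               /* one frame */
    case 3:  return len < 2 ? -1 : (pkt[1] & 0x3F);  /* count in byte 1 */
    default: return 2;                               /* codes 1 and 2 */
    }
}

/* Hardened caller: drop the packet when the block could not be read,
 * instead of handing a NULL pointer to the frame parser. */
int frames_in_voice_packet(const uint8_t *wire, size_t wire_len) {
    stream_t s = { wire, wire_len, 0 };
    size_t n = 0;
    uint8_t *block = copy_data_block(&s, &n);
    if (block == NULL) return -1;  /* return value checked before use */
    int frames = toc_frame_count(block, n);
    free(block);
    return frames;
}
```

Removing the `block == NULL` test reproduces the class of failure described above: the parser reads `pkt[0]` through a NULL pointer and the process crashes.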
Affected Products
Mumble for iOS
MumbleKit