Name of the Vulnerable Software and Affected Versions mumble versions prior to 1.3.2

Description The issue is related to a potential exploit in the OCB2 encryption. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Technical details about the issue include a potential exploit in the OCB2 encryption, which could be related to the getRegistration() function and the UserKDFIterations field in UserInfo. However, specific details about exploitation, such as API endpoints or vulnerable parameters, are not provided.

Recommendations For mumble versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or functions that may be related to the OCB2 encryption until a patch is available. However, without more specific information about the vulnerability, precise mitigation measures cannot be provided.