PT-2020-22806 · Mumble · Mumble
Published: 2020-08-16 · Updated: 2020-08-16
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Mumble (affected versions not specified)
Description
A security issue has been identified in the OCB2 encryption used by Mumble. According to a research paper, OCB2 is known to be broken under certain conditions. However, the specific conditions required for a universal attack are not met in Mumble because it uses a fixed encryption counter. The basic attacks, which do not require an attacker-chosen nonce, may still be applicable, but they are of limited use and require both an encryption and a decryption oracle, which Mumble does not provide simultaneously. As a precaution, a counter-cryptanalysis measure has been implemented to protect against potential exploits.
Recommendations
To resolve the issue, update the Mumble package to the latest version that includes the counter-cryptanalysis measure.
At the moment, there is no information about specific versions that contain a fix for this vulnerability, but updating to the latest package is recommended.
Affected Products
Mumble