// For flags

CVE-2014-3756

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.

El cliente en Mumble 1.2.x anterior a 1.2.6 permite a atacantes remotos forzar la subida de un fichero externo y provocar una denegación de servicio (caída y el consumo de recursos) a través de una cadena manipulada que Qt widget, trata como texto enriquecido, como se demuestra en el nombre de (1) usuario o (2) nombre del canal en Qt dialog, (3) nombre del asunto o (4) dirección de correo al Certificate Wizard, o (5) nombre del servidor en un texto de ayuda.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-06-06 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-19: Data Processing Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.0
Search vendor "Mumble" for product "Mumble" and version "1.2.0"
-
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.1
Search vendor "Mumble" for product "Mumble" and version "1.2.1"
-
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.2
Search vendor "Mumble" for product "Mumble" and version "1.2.2"
-
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.3
Search vendor "Mumble" for product "Mumble" and version "1.2.3"
-
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.3
Search vendor "Mumble" for product "Mumble" and version "1.2.3"
rc1
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.3
Search vendor "Mumble" for product "Mumble" and version "1.2.3"
rc2
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.3
Search vendor "Mumble" for product "Mumble" and version "1.2.3"
rc3
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.4
Search vendor "Mumble" for product "Mumble" and version "1.2.4"
-
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.4
Search vendor "Mumble" for product "Mumble" and version "1.2.4"
beta1
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.4
Search vendor "Mumble" for product "Mumble" and version "1.2.4"
rc1
Affected
Mumble
Search vendor "Mumble"
Mumble
Search vendor "Mumble" for product "Mumble"
1.2.5
Search vendor "Mumble" for product "Mumble" and version "1.2.5"
-
Affected