Lucene search

K
cve[email protected]CVE-2014-1916
HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-1916

2022-10-0316:20:28
CWE-399
web.nvd.nist.gov
18
cve-2014-1916
mumblekit
mumble
ios
denial of service
null pointer dereference
crash
opus voice packet

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.

Affected configurations

NVD
Node
light_speed_gamingmumbleMatch1.1iphone_os
OR
light_speed_gamingmumbleMatch1.1rc1iphone_os
OR
light_speed_gamingmumbleMatch1.1.1iphone_os
OR
light_speed_gamingmumbleMatch1.2iphone_os
OR
light_speed_gamingmumbleMatch1.2.1iphone_os
OR
light_speed_gamingmumbleMatch1.2.2iphone_os
OR
light_speed_gamingmumblekitMatch-

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

Related for CVE-2014-1916