CVE-2014-1916

2022-10-0316:20:28

CWE-399

[email protected]

web.nvd.nist.gov

cve-2014-1916

mumblekit

mumble

ios

denial of service

null pointer dereference

crash

opus voice packet

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.

Affected configurations

NVD

Node

light_speed_gamingmumbleMatch1.1iphone_os

light_speed_gamingmumbleMatch1.1rc1iphone_os

light_speed_gamingmumbleMatch1.1.1iphone_os

light_speed_gamingmumbleMatch1.2iphone_os

light_speed_gamingmumbleMatch1.2.1iphone_os

light_speed_gamingmumbleMatch1.2.2iphone_os

light_speed_gamingmumblekitMatch-

CPENameOperatorVersion
light_speed_gaming:mumblelight speed gaming mumbleeq1.1
light_speed_gaming:mumblelight speed gaming mumbleeq1.1.1
light_speed_gaming:mumblelight speed gaming mumbleeq1.2
light_speed_gaming:mumblelight speed gaming mumbleeq1.2.1
light_speed_gaming:mumblelight speed gaming mumbleeq1.2.2
light_speed_gaming:mumblekitlight speed gaming mumblekiteq-

CPE	Name	Operator	Version
light_speed_gaming:mumble	light speed gaming mumble	eq	1.1
light_speed_gaming:mumble	light speed gaming mumble	eq	1.1.1
light_speed_gaming:mumble	light speed gaming mumble	eq	1.2
light_speed_gaming:mumble	light speed gaming mumble	eq	1.2.1
light_speed_gaming:mumble	light speed gaming mumble	eq	1.2.2
light_speed_gaming:mumblekit	light speed gaming mumblekit	eq	-