Lucene search
RootSSV:61457HistoryFeb 17, 2014 - 12:00 a.m.
Mumble needSamples方法堆缓冲区溢出漏洞
2014-02-1700:00:00
Root
www.seebug.org
18
EPSS
0.085
Percentile
94.5%
BUGTRAQ ID: 65374
CVE(CAN) ID: CVE-2014-0045
Mumble是玩游戏时使用的开源的、低延迟的语音聊天软件。
Mumble 1.2.4及其他版本客户端的AudioOutputSpeech.cpp中,needSamples方法没有检查opus_decode_float函数的返回值,这可使远程攻击者通过特制的Opus声音数据包造成拒绝服务并执行任意代码。
0
sourceforge Mumble 1.2.4
厂商补丁:
sourceforge
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://mumble.sourceforge.net/
http://mumble.info/security/Mumble-SA-2014-004.txt
http://mumble.info/security/Mumble-SA-2014-002.txt
Related
cvelist
cvelist
CVE-2014-0045
2014-02-08 00:00:00
debiancve
debiancve
CVE-2014-0045
2014-02-08 00:55:06
cve
cve
CVE-2014-0045
2014-02-08 00:55:06
prion
prion
Heap overflow
2014-02-08 00:55:00
ubuntucve
ubuntucve
CVE-2014-0045
2014-02-08 00:00:00
nvd
nvd
CVE-2014-0045
2014-02-08 00:55:06
fedora
fedora
[SECURITY] Fedora 19 Update: mumble-1.2.5-1.fc19
2014-05-08 10:03:03
[SECURITY] Fedora 20 Update: mumble-1.2.5-1.fc20
2014-05-08 10:01:34
[SECURITY] Fedora 19 Update: mumble-1.2.6-1.fc19
2014-05-28 02:55:34
openvas
openvas
Fedora Update for mumble FEDORA-2014-5751
2014-05-12 00:00:00
Debian Security Advisory DSA 2854-1 (mumble - several vulnerabilities)
2014-02-05 00:00:00
Fedora Update for mumble FEDORA-2014-5751
2014-05-12 00:00:00
freebsd
freebsd
mumble -- NULL pointer dereference and heap-based buffer overflow
2014-01-25 00:00:00
osv
osv
mumble - several
2014-02-05 00:00:00
mumble-1.2.17-1.2 on GA media
2024-06-15 00:00:00
nessus
nessus
openSUSE Security Update : mumble (openSUSE-SU-2014:0271-1)
2014-06-13 00:00:00
Debian DSA-2854-1 : mumble - several vulnerabilities
2014-02-06 00:00:00
Fedora 19 : mumble-1.2.5-1.fc19 (2014-5751)
2014-05-09 00:00:00
debian
debian
[SECURITY] [DSA 2854-1] mumble security update
2014-02-05 15:41:08
[SECURITY] [DSA 2854-1] mumble security update
2014-02-05 15:41:08
gentoo
gentoo
Mumble: Multiple vulnerabilities
2014-06-06 00:00:00