CVE-2014-3756 - Vulnerability Details - OpenCVE

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mumble	Mumble

Configuration 1 [-]

OR	cpe:2.3:a:mumble:mumble:1.2.0:::::::*
	cpe:2.3:a:mumble:mumble:1.2.1:::::::*
	cpe:2.3:a:mumble:mumble:1.2.2:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:::::::*
	cpe:2.3:a:mumble:mumble:1.2.3:rc1::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc2::::::
	cpe:2.3:a:mumble:mumble:1.2.3:rc3::::::
	cpe:2.3:a:mumble:mumble:1.2.4:::::::*
	cpe:2.3:a:mumble:mumble:1.2.4:beta1::::::
	cpe:2.3:a:mumble:mumble:1.2.4:rc1::::::
	cpe:2.3:a:mumble:mumble:1.2.5:::::::*

No data.

References

Link	Providers
http://mumble.info/security/Mumble-SA-2014-006.txt
http://www.openwall.com/lists/oss-security/2014/05/15/1
http://www.openwall.com/lists/oss-security/2014/05/15/4
http://www.securityfocus.com/bid/67401

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-16T11:00:00

Updated: 2024-08-06T10:57:16.733Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3756

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-16T11:59:03.887

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3756

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-16T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mumble.info/security/Mumble-SA-2014-006.txt"}, {"name": "67401", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67401"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3756", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://mumble.info/security/Mumble-SA-2014-006.txt", "refsource": "CONFIRM", "url": "http://mumble.info/security/Mumble-SA-2014-006.txt"}, {"name": "67401", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67401"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:16.733Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mumble.info/security/Mumble-SA-2014-006.txt"}, {"name": "67401", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67401"}, {"name": "[oss-security] 20140514 Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"name": "[oss-security] 20140515 Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3756", "datePublished": "2014-11-16T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:57:16.733Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "980EAE3E-CB6A-4859-BA0E-BD59F3C0CB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "97FA20D9-BD99-4B11-97B5-A37B8FBFC3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3836E7A-B841-477D-9740-070C995722B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5668D3D-66DC-48E5-B2A5-B419ED0921D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0DCF3E24-3114-4C9E-BA64-72F10E2825FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4179BE7-916D-4235-957F-67266B986D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "720F26B9-457E-49D0-9CA4-0F9F2EA21CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A0141BB8-B42D-49BD-88AE-FD8A8F229600", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "E2279EAF-18B7-401F-A2A8-ED7DC85A2E8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "745438C8-081F-45FD-B5D6-CF2FE8C48314", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "41D13BAE-631E-48B5-AC2A-0FFA5E6C65BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip."}, {"lang": "es", "value": "El cliente en Mumble 1.2.x anterior a 1.2.6 permite a atacantes remotos forzar la subida de un fichero externo y provocar una denegaci\u00f3n de servicio (ca\u00edda y el consumo de recursos) a trav\u00e9s de una cadena manipulada que Qt widget, trata como texto enriquecido, como se demuestra en el nombre de (1) usuario o (2) nombre del canal en Qt dialog, (3) nombre del asunto o (4) direcci\u00f3n de correo al Certificate Wizard, o (5) nombre del servidor en un texto de ayuda."}], "id": "CVE-2014-3756", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-16T11:59:03.887", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://mumble.info/security/Mumble-SA-2014-006.txt"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://mumble.info/security/Mumble-SA-2014-006.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/15/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67401"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}