Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500582 - <media-sound/mumble-1.2.5 - NULL pointer dereference or out-of-bounds array access, heap-based buffer overflow (CVE-2014-0044, CVE-2014-0045)
Summary: <media-sound/mumble-1.2.5 - NULL pointer dereference or out-of-bounds array a...
Status: RESOLVED DUPLICATE of bug 500486
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://blog.mumble.info/mumble-1-2-5/
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-07 02:47 UTC by Robert Joslyn
Modified: 2014-02-07 08:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Joslyn 2014-02-07 02:47:54 UTC 
Mumble has been updated to fix two security issues, as detailed in this announcement: http://blog.mumble.info/mumble-1-2-5/

Reproducible: Always
Comment 1 Alex Xu (Hello71) 2014-02-07 02:54:54 UTC 
wrangling in progress, please wait
Comment 2 Alex Xu (Hello71) 2014-02-07 02:56:25 UTC 
Mumble-SA-2014-001 [sig] (CVE-2014-0044)
– A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

Mumble-SA-2014-002 [sig] (CVE-2014-0045)
– A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.
Comment 3 Alex Xu (Hello71) 2014-02-07 02:58:43 UTC 
Actually, I'm not sure if "heap-based buffer overflow" means possible remote code execution.
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2014-02-07 03:07:50 UTC 
Let's call it B3 for now, we can bump it up if the CVE indicates possible AcE. Heap-based buffer overflows sometimes are AcE, sometimes just DoS.
Comment 5 Agostino Sarubbo gentoo-dev 2014-02-07 08:10:37 UTC 

*** This bug has been marked as a duplicate of bug 500486 ***