Vulnerabilities > CVE-2014-1916 - Resource Management Errors vulnerability in Light Speed Gaming Mumble and Mumblekit

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

light-speed-gaming

CWE-399

NVD

Published: 2014-02-08

Updated: 2014-02-10

Summary

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.

Vulnerable Configurations

Part	Description	Count
Application	Light_Speed_Gaming Light Speed Gaming Mumble 1.1 Light Speed Gaming Mumble 1.1.1 Light Speed Gaming Mumble 1.2 Light Speed Gaming Mumble 1.2.1 Light Speed Gaming Mumble 1.2.2 Light Speed Gaming Mumblekit -	7

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References