Описание
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mumble | fixed | 1.3.4-1 | package | |
| mumble | fixed | 1.3.0~git20190125.440b173+dfsg-2+deb10u1 | buster | package |
Примечания
https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
https://github.com/mumble-voip/mumble/pull/4733
Связанные уязвимости
CVSS3: 8.8
ubuntu
почти 5 лет назад
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVSS3: 8.8
nvd
почти 5 лет назад
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
CVSS3: 8.8
github
больше 3 лет назад
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.