{"id":"CVE-2018-20743","details":"murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.","modified":"2026-04-16T01:38:48.682112267Z","published":"2019-01-25T16:29:00.260Z","related":["openSUSE-SU-2019:1794-1","openSUSE-SU-2019:1876-1","openSUSE-SU-2020:0137-1","openSUSE-SU-2024:11065-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00023.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00058.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00006.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4402"},{"type":"REPORT","url":"https://bugs.debian.org/919249"},{"type":"FIX","url":"https://github.com/mumble-voip/mumble/issues/3505"},{"type":"FIX","url":"https://github.com/mumble-voip/mumble/pull/3510"},{"type":"FIX","url":"https://github.com/mumble-voip/mumble/pull/3512"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mumble-voip/mumble","events":[{"introduced":"0"},{"last_affected":"cf8eaa20d9ba36a7877f01a83ac1036aebf18631"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.2.19"}],"cpe":"cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["1.1.8","1.2.0","1.2.0beta1","1.2.0beta2","1.2.1","1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15","1.2.16","1.2.17","1.2.18","1.2.19","1.2.2","1.2.3","1.2.3-rc1","1.2.3-rc2","1.2.3-rc3","1.2.4","1.2.4-beta1","1.2.4-rc1","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20743.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}