Mumble Mumble

stack.watch can email you when security vulnerabilities are reported in Mumble. You can add multiple products that you use with Mumble to create your own personal software stack watcher.

By the Year

In 2021 there have been 1 vulnerability in Mumble with an average score of 8.8 out of ten. Mumble did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 1 8.80
2020 0 0.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Mumble vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Mumble Security Vulnerabilities

Mumble before 1.3.4

CVE-2021-27229 8.8 - High - February 16, 2021

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.

CVE-2021-27229 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

insecure temporary file

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests

CVE-2018-20743 7.5 - High - January 25, 2019

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

CVE-2018-20743 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation