EUVD-2025-208685

CVE-2025-71264 (LOW, CVSS 3.1 base score 3.7)
Published 2026-03-16, source: mitre

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd) - patch available
Analysis Generated: Mar 16, 2026 - 07:00 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 07:00 (euvd) - EUVD-2025-208685
CVE Published: Mar 16, 2026 - 06:13 (nvd) - LOW 3.7

Description

Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

Analysis

Mumble before version 1.6.870 contains an out-of-bounds array access vulnerability (CWE-125) that allows remote attackers to crash the client application, resulting in denial of service. The vulnerability requires network access but no authentication or user interaction, affecting all users of vulnerable Mumble client versions. While the CVSS score of 3.7 is relatively low and only impacts availability with no confidentiality or integrity compromise, this vulnerability poses a practical risk to voice communication availability in production deployments.

Technical Context

Mumble is an open-source VoIP application that handles real-time voice communication over network protocols. The vulnerability stems from improper bounds checking in array access operations, classified under CWE-125 (Out-of-bounds Read), which occurs when the application attempts to read memory beyond the allocated boundaries of an array without proper validation. This memory safety issue is common in C/C++-based applications and can be triggered through specially crafted network packets sent to the Mumble client. The affected versions prior to 1.6.870 fail to validate packet structure or array indices before processing incoming protocol data, making remote triggering feasible over the network (AV:N in CVSS vector).
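The CWE-125 pattern the paragraph above describes, as an added illustration: this is not Mumble's code and does not model the actual affected code path. It uses a hypothetical packet format (one index byte, one length byte, then payload) constructed for the example, and shows the unchecked table lookup next to a parser that validates the index and the length against the real buffer and table sizes before touching memory.

```cpp
// Added example, not Mumble's code. Hypothetical wire format (constructed):
//   byte 0   : codec index into the client's codec table
//   byte 1   : payload length N
//   bytes 2+ : N bytes of payload
#include <array>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Fixed-size table the packet's first byte indexes into (constructed names).
static const std::array<const char*, 4> kCodecNames = {"opus", "celt", "speex", "pcm"};

// Vulnerable form: the index comes straight from the network and is used
// without comparing it to the table size. Any codec byte >= 4 reads past
// the end of kCodecNames (CWE-125); on a client that is typically a crash.
inline const char* codecNameUnchecked(const std::vector<uint8_t>& pkt) {
    uint8_t codec = pkt[0];       // also assumes pkt is non-empty
    return kCodecNames[codec];    // out-of-bounds read when codec > 3
}

struct ParsedPacket {
    std::string codec;
    std::vector<uint8_t> payload;
};

// Hardened form: every index and length is checked against the actual
// buffer and table sizes before use; malformed packets are rejected
// instead of being processed.
inline std::optional<ParsedPacket> parsePacketChecked(const std::vector<uint8_t>& pkt) {
    if (pkt.size() < 2) return std::nullopt;               // header must be present
    uint8_t codec = pkt[0];
    if (codec >= kCodecNames.size()) return std::nullopt;  // index bounds check
    std::size_t len = pkt[1];
    if (pkt.size() - 2 < len) return std::nullopt;         // payload length vs. buffer
    ParsedPacket out;
    out.codec = kCodecNames[codec];
    out.payload.assign(pkt.begin() + 2, pkt.begin() + 2 + static_cast<std::ptrdiff_t>(len));
    return out;
}

// Convenience wrappers so the outcome of the checked parser is observable.
inline bool packetIsAccepted(const std::vector<uint8_t>& pkt) {
    return parsePacketChecked(pkt).has_value();
}

inline std::string codecOf(const std::vector<uint8_t>& pkt) {
    auto parsed = parsePacketChecked(pkt);
    return parsed ? parsed->codec : std::string();
}

inline std::size_t payloadLengthOf(const std::vector<uint8_t>& pkt) {
    auto parsed = parsePacketChecked(pkt);
    return parsed ? parsed->payload.size() : 0;
}

int main() {
    // Constructed packets: a well-formed one, an out-of-range index, and a
    // length field larger than the bytes actually received.
    const std::vector<uint8_t> good   = {0x02, 0x02, 0xAA, 0xBB};
    const std::vector<uint8_t> badIdx = {0x09, 0x00};
    const std::vector<uint8_t> badLen = {0x00, 0x05, 0x01};
    return (packetIsAccepted(good) && !packetIsAccepted(badIdx) && !packetIsAccepted(badLen)) ? 0 : 1;
}
```

The checked parser rejects the same inputs that would make the unchecked lookup read outside the table, which is the behaviour a fix for this class of defect provides: the client drops a malformed packet rather than crashing on it.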

Affected Products

Mumble client versions prior to 1.6.870 are affected by this vulnerability. The vulnerable product is identified as Mumble (CPE identifier format: cpe:2.3:a:mumble:mumble), with all versions from the initial release through version 1.6.869 confirmed as susceptible. Users of Mumble servers may also be indirectly affected depending on the specific code path where the array access occurs. Organizations using Mumble for internal voice communication should inventory all client installations to identify those running versions below 1.6.870.

Remediation

Upgrade Mumble to version 1.6.870 or later immediately, as this version contains the fix for the out-of-bounds array access vulnerability. Download the patched version from the official Mumble project repository or your distribution's package manager. If immediate patching is not feasible, implement network-level mitigations by restricting Mumble client connections to known, trusted Mumble servers through firewall rules and host-based access controls, thereby reducing exposure to malicious or compromised servers that might send crafted packets. Additionally, monitor Mumble client processes for unexpected crashes and maintain offline communication fallback procedures during patching windows.

Priority Score

19 (scale: Low / Medium / High / Critical)
Contributions: KEV 0, EPSS +0.0, CVSS +18, POC 0

Vendor Status

Debian (Bug #1129178, package: mumble)

Release     Status      Fixed Version  Urgency
bullseye    vulnerable  1.3.4-1        -
bookworm    vulnerable  1.3.4-4        -
trixie      vulnerable  1.5.735-5      -
forky, sid  fixed       1.5.735-8      -
(unstable)  fixed       1.5.735-7      -

EUVD-2025-208685 vulnerability details – vuln.today