Vulnerability Key Information

CVE ID: CVE-2018-20743
Affected Software: Mumble

Issue Description:
- Description: An attacker can cause the mumble-server to crash or freeze by sending specific forged commands, leading to service unavailability. Although the server typically recovers automatically, in some cases it may take up to an hour to resume normal operation. This attack can be executed remotely without requiring special privileges.

Affected Versions:
- mumble/1.2.19-3
- mumble/1.2.18-1
- All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are affected.

Fixed Versions:
- Version: mumble 1.3.0~git20190114.9fcc588+dfsg-1
- Fix Method: The issue was resolved in the new version released on January 14, 2019.

Vulnerability Severity: Classified as "Critical".

Vulnerability Report:
- Reporter: Chris Knadle
- Report Date: January 14, 2019

Vulnerability Fixer:
- Fixer: Christopher Knadle
- Fix Date: January 15, 2019

Resolution Status:
- The vulnerability has been confirmed as resolved. A new stable version has been released, and the vulnerability has been closed and archived. No further action is required. The vulnerability has been assigned CVE ID CVE-2018-20743.

Additional Information: The Debian vulnerability tracking system noted that in Debian version 1.2.19-3 and earlier, the mumble server would often crash or become unresponsive. Additionally, several minor security issues were addressed, including removal of QT4 from mumble, audio issues, Qt5 dependency problems, and file release dependency issues.