Vulnerability Details CVE-2021-27229
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
- https://github.com/mumble-voip/mumble/compare/1.3.3...1.3.4
- https://github.com/mumble-voip/mumble/pull/4733
- https://lists.debian.org/debian-lts-announce/2021/02/msg00022.html
- https://security.gentoo.org/glsa/202105-13
- https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
- https://github.com/mumble-voip/mumble/compare/1.3.3...1.3.4
- https://github.com/mumble-voip/mumble/pull/4733
- https://lists.debian.org/debian-lts-announce/2021/02/msg00022.html
- https://security.gentoo.org/glsa/202105-13
Products affected by CVE-2021-27229
-
cpe:2.3:a:mumble:mumble:-
-
cpe:2.3:a:mumble:mumble:1.1.8
-
cpe:2.3:a:mumble:mumble:1.2.0
-
cpe:2.3:a:mumble:mumble:1.2.1
-
cpe:2.3:a:mumble:mumble:1.2.10
-
cpe:2.3:a:mumble:mumble:1.2.11
-
cpe:2.3:a:mumble:mumble:1.2.12
-
cpe:2.3:a:mumble:mumble:1.2.13
-
cpe:2.3:a:mumble:mumble:1.2.14
-
cpe:2.3:a:mumble:mumble:1.2.15
-
cpe:2.3:a:mumble:mumble:1.2.16
-
cpe:2.3:a:mumble:mumble:1.2.17
-
cpe:2.3:a:mumble:mumble:1.2.18
-
cpe:2.3:a:mumble:mumble:1.2.19
-
cpe:2.3:a:mumble:mumble:1.2.2
-
cpe:2.3:a:mumble:mumble:1.2.3
-
cpe:2.3:a:mumble:mumble:1.2.4
-
cpe:2.3:a:mumble:mumble:1.2.5
-
cpe:2.3:a:mumble:mumble:1.2.6
-
cpe:2.3:a:mumble:mumble:1.2.7
-
cpe:2.3:a:mumble:mumble:1.2.8
-
cpe:2.3:a:mumble:mumble:1.2.9
-
cpe:2.3:a:mumble:mumble:1.3.0
-
cpe:2.3:a:mumble:mumble:1.3.1
-
cpe:2.3:a:mumble:mumble:1.3.2
-
cpe:2.3:a:mumble:mumble:1.3.3
-
cpe:2.3:o:debian:debian_linux:9.0