CVE-2020-13962
Summary
| CVE | CVE-2020-13962 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-09 00:15:00 UTC |
| Updated | 2023-11-07 03:17:00 UTC |
| Description | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Application | Mumble | Mumble | 1.3.0 | - | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Application | Qt | Qt | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 31 Update: mumble-1.3.2-1.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 32 Update: mumble-1.3.2-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| QtNetwork: Denial of service (GLSA 202007-18) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 33 Update: mumble-1.3.2-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [security-announce] openSUSE-SU-2020:1319-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [QTBUG-83450] Qt incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications. - Qt Bug Tracker | MISC | bugreports.qt.io | Issue Tracking, Vendor Advisory |
| SSL routines:SSL_shutdown:shutdown while in init · Issue #3679 · mumble-voip/mumble · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| src/murmur/Server.cpp: implement workaround for critical QSslSocket issue by davidebeatrici · Pull Request #4032 · mumble-voip/mumble · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296072 Oracle Solaris 11.4 Support Repository Update (SRU) 25.75.3 Missing (CPUJUL2020)
- 900114 CBL-Mariner Linux Security Update for qt5-qtbase 5.12.5
- 900287 CBL-Mariner Linux Security Update for qt5-qtbase 5.12.11
- 901145 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6835-1)
- 940264 AlmaLinux Security Update for qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)
- 960823 Rocky Linux Security Update for qt5-qtbase and qt5-qtwebsockets (RLSA-2020:4690)