{"api_version":"1","generated_at":"2026-04-22T23:30:25+00:00","cve":"CVE-2020-13962","urls":{"html":"https://cve.report/CVE-2020-13962","api":"https://cve.report/api/cve/CVE-2020-13962.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-13962","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-13962"},"summary":{"title":"CVE-2020-13962","description":"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-06-09 00:15:00","updated_at":"2023-11-07 03:17:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/","name":"FEDORA-2020-ca26a3f832","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: mumble-1.3.2-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/","name":"FEDORA-2020-8372f6bae4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: mumble-1.3.2-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/202007-18","name":"GLSA-202007-18","refsource":"GENTOO","tags":[],"title":"QtNetwork: Denial of service (GLSA 202007-18) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/","name":"FEDORA-2020-f869e01557","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: mumble-1.3.2-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html","name":"openSUSE-SU-2020:1319","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1319-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugreports.qt.io/browse/QTBUG-83450","name":"https://bugreports.qt.io/browse/QTBUG-83450","refsource":"MISC","tags":["Issue Tracking","Vendor Advisory"],"title":"[QTBUG-83450] Qt incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications. - Qt Bug Tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/mumble-voip/mumble/issues/3679","name":"https://github.com/mumble-voip/mumble/issues/3679","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"SSL routines:SSL_shutdown:shutdown while in init · Issue #3679 · mumble-voip/mumble · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/mumble-voip/mumble/pull/4032","name":"https://github.com/mumble-voip/mumble/pull/4032","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"src/murmur/Server.cpp: implement workaround for critical QSslSocket issue by davidebeatrici · Pull Request #4032 · mumble-voip/mumble · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/","name":"FEDORA-2020-f869e01557","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: mumble-1.3.2-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/","name":"FEDORA-2020-8372f6bae4","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: mumble-1.3.2-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/","name":"FEDORA-2020-ca26a3f832","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: mumble-1.3.2-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-13962","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13962","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mumble","cpe5":"mumble","cpe6":"1.3.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mumble","cpe5":"mumble","cpe6":"1.3.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qt","cpe5":"qt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qt","cpe5":"qt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"5.13.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qt","cpe5":"qt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13962","vulnerable":"1","versionEndIncluding":"5.14.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qt","cpe5":"qt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-13962","qid":"296072","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 25.75.3 Missing (CPUJUL2020)"},{"cve":"CVE-2020-13962","qid":"900114","title":"CBL-Mariner Linux Security Update for qt5-qtbase 5.12.5"},{"cve":"CVE-2020-13962","qid":"900287","title":"CBL-Mariner Linux Security Update for qt5-qtbase 5.12.11"},{"cve":"CVE-2020-13962","qid":"901145","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6835-1)"},{"cve":"CVE-2020-13962","qid":"940264","title":"AlmaLinux Security Update for qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)"},{"cve":"CVE-2020-13962","qid":"960823","title":"Rocky Linux Security Update for qt5-qtbase and qt5-qtwebsockets (RLSA-2020:4690)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-13962","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/mumble-voip/mumble/pull/4032","refsource":"MISC","name":"https://github.com/mumble-voip/mumble/pull/4032"},{"url":"https://bugreports.qt.io/browse/QTBUG-83450","refsource":"MISC","name":"https://bugreports.qt.io/browse/QTBUG-83450"},{"url":"https://github.com/mumble-voip/mumble/issues/3679","refsource":"MISC","name":"https://github.com/mumble-voip/mumble/issues/3679"},{"refsource":"GENTOO","name":"GLSA-202007-18","url":"https://security.gentoo.org/glsa/202007-18"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1319","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html"},{"refsource":"FEDORA","name":"FEDORA-2020-f869e01557","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/"},{"refsource":"FEDORA","name":"FEDORA-2020-ca26a3f832","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/"},{"refsource":"FEDORA","name":"FEDORA-2020-8372f6bae4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/"}]}},"nvd":{"publishedDate":"2020-06-09 00:15:00","lastModifiedDate":"2023-11-07 03:17:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mumble:mumble:1.3.0:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14.0","versionEndIncluding":"5.14.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13.0","versionEndIncluding":"5.13.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12.2","versionEndExcluding":"5.12.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"13962","Ordinal":"175188","Title":"CVE-2020-13962","CVE":"CVE-2020-13962","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"13962","Ordinal":"1","NoteData":"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)","Type":"Description","Title":null},{"CveYear":"2020","CveId":"13962","Ordinal":"2","NoteData":"2020-06-08","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"13962","Ordinal":"3","NoteData":"2020-10-05","Type":"Other","Title":"Modified"}]}}}