CVE-2020-13962

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13962

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13962.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13962

Downstream

DEBIAN-CVE-2020-13962

RHSA-2020:4690

SUSE-SU-2020:2357-1

UBUNTU-CVE-2020-13962

openSUSE-SU-2020:1319-1

openSUSE-SU-2024:11742-1

Related

Published

2020-06-09T00:15:10Z

Modified

2025-10-27T13:09:23.697142Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

References

Affected packages

Git / github.com/qt/qt5

Affected ranges

Type: GIT
Repo: https://github.com/qt/qt5
Events: Introduced

7100c54887416c99d9f4f08b81e61f1bd03fda3c

Fixed

e16b5baa08efe8cda43fae9d00d287d314770675

Affected versions

v5.*

v5.12.2

v5.12.3

v5.12.4

v5.12.5

v5.12.6

v5.12.7

v5.12.8

Git / github.com/qt/qtbase

Affected ranges

Type: GIT
Repo: https://github.com/qt/qtbase
Events: Introduced

856fb1ab44722f5165fb6b5dec0bd748006acd10

Fixed

823ed71e220ebde07970dd61c04bb47b01dd06c4

Affected versions

v5.*

v5.12.2

v5.12.3

v5.12.4

v5.12.5

v5.12.6

v5.12.7

v5.12.8