UBUNTU-CVE-2020-13962

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-13962

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13962.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-13962

Upstream

CVE-2020-13962

Published

2020-06-09T00:15:00Z

Modified

2025-07-18T16:45:54Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

References

Affected packages

Ubuntu:Pro:20.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.12.8+dfsg-0ubuntu2.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-4ubuntu1

5.12.5+dfsg-2

5.12.5+dfsg-8

5.12.5+dfsg-8build1

5.12.5+dfsg-9build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu2.1