CVE-2020-13962

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-13962
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13962.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13962
Downstream
Related
Published
2020-06-09T00:15:10.123Z
Modified
2026-04-16T04:38:12.379621044Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

References

Affected packages

Git / github.com/mumble-voip/mumble

Affected ranges

Type
GIT
Repo
https://github.com/mumble-voip/mumble
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
78fefb4a2094bb22919598b87ca1628bb9eeda60
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-NA"
        }
    ]
}
Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
856fb1ab44722f5165fb6b5dec0bd748006acd10
Fixed
823ed71e220ebde07970dd61c04bb47b01dd06c4
Introduced
fc9ae22c88dd085c7c31599037132fc756feeb04
Last affected
a7a24784eeba6747d319eb911583bdd99ef38cdb
Introduced
2a887a517eaaa2c5324aecf3b919899b7a86ff4a
Last affected
3a6d8df5219653b043bd642668cee193f563ec84
Database specific 
{
    "versions": [
        {
            "introduced": "5.12.2"
        },
        {
            "fixed": "5.12.9"
        },
        {
            "introduced": "5.13.0"
        },
        {
            "last_affected": "5.13.2"
        },
        {
            "introduced": "5.14.0"
        },
        {
            "last_affected": "5.14.2"
        }
    ]
}

Affected versions

1.*
1.1.8
1.2.0
1.2.0beta1
1.2.0beta2
1.2.1
1.2.2
1.2.3
1.2.3-rc1
1.2.3-rc2
1.2.3-rc3
1.2.4
1.2.4-beta1
1.2.4-rc1
1.3.0
1.3.0-rc1
1.3.0-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13962.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    }
]