Back to search
CVE-2020-13962
Published: Jun 8, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/mumble-voip/mumble/pull/4032
x_refsource_MISC
https://bugreports.qt.io/browse/QTBUG-83450
x_refsource_MISC
https://github.com/mumble-voip/mumble/issues/3679
x_refsource_MISC
GLSA-202007-18
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2020:1319
vendor-advisory
x_refsource_SUSE
FEDORA-2020-f869e01557
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-ca26a3f832
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-8372f6bae4
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now