CVE-2020-13962
published 2020-06-09

Priority: P3 | 36 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.01% (85.7th percentile)

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qtbase-opensource-src | < qtbase-opensource-src 5.14.2+dfsg-6 (bookworm) | qtbase-opensource-src 5.14.2+dfsg-6 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| msrc | cbl2_qt5-qtsvg_5.12.11-3_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| mumble | mumble | | |
| opensuse | leap | | |
| qt | qt | >= 5.12.2 < 5.12.9 | 5.12.9 |
| qt | qt | 5.13.0 – 5.13.2 | |
| qt | qt | 5.14.0 – 5.14.2 | |

CVSS provenance

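| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |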