Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html | Mailing List Third Party Advisory |
https://bugreports.qt.io/browse/QTBUG-83450 | Issue Tracking Vendor Advisory |
https://github.com/mumble-voip/mumble/issues/3679 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/mumble-voip/mumble/pull/4032 | Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/ | |
https://security.gentoo.org/glsa/202007-18 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-08T23:14:10
Updated: 2020-10-05T18:06:15
Reserved: 2020-06-08T00:00:00
Link: CVE-2020-13962
JSON object: View
NVD Information
Status : Modified
Published: 2020-06-09T00:15:10.123
Modified: 2023-11-07T03:17:04.313
Link: CVE-2020-13962
JSON object: View
Redhat Information
No data.
CWE