{"id":"CVE-2020-13962","details":"Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)","modified":"2026-04-16T04:38:12.379621044Z","published":"2020-06-09T00:15:10.123Z","related":["ALSA-2020:4690","SUSE-SU-2020:2357-1","openSUSE-SU-2020:1319-1","openSUSE-SU-2024:11742-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-18"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html"},{"type":"REPORT","url":"https://bugreports.qt.io/browse/QTBUG-83450"},{"type":"FIX","url":"https://github.com/mumble-voip/mumble/issues/3679"},{"type":"FIX","url":"https://github.com/mumble-voip/mumble/pull/4032"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mumble-voip/mumble","events":[{"introduced":"0"},{"last_affected":"78fefb4a2094bb22919598b87ca1628bb9eeda60"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0-NA"}]}},{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"856fb1ab44722f5165fb6b5dec0bd748006acd10"},{"fixed":"823ed71e220ebde07970dd61c04bb47b01dd06c4"},{"introduced":"fc9ae22c88dd085c7c31599037132fc756feeb04"},{"last_affected":"a7a24784eeba6747d319eb911583bdd99ef38cdb"},{"introduced":"2a887a517eaaa2c5324aecf3b919899b7a86ff4a"},{"last_affected":"3a6d8df5219653b043bd642668cee193f563ec84"}],"database_specific":{"versions":[{"introduced":"5.12.2"},{"fixed":"5.12.9"},{"introduced":"5.13.0"},{"last_affected":"5.13.2"},{"introduced":"5.14.0"},{"last_affected":"5.14.2"}]}}],"versions":["1.1.8","1.2.0","1.2.0beta1","1.2.0beta2","1.2.1","1.2.2","1.2.3","1.2.3-rc1","1.2.3-rc2","1.2.3-rc3","1.2.4","1.2.4-beta1","1.2.4-rc1","1.3.0","1.3.0-rc1","1.3.0-rc2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}