Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

  • Published: Jun 9, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2020-13962
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Software From Fixed in
mumble / mumble 1.3.0 1.3.0.x
qt / qt 5.14.0 5.14.2.x
qt / qt 5.13.0 5.13.2.x
qt / qt 5.12.2 5.12.9
fedoraproject / fedora 31 31.x
fedoraproject / fedora 32 32.x
fedoraproject / fedora 33 33.x
opensuse / leap 15.2 15.2.x