CVE-2020-13962
HIGH
Mumble 1.3.0 - Denial of Service via OpenSSL Error Queue Mishandling
Title source: llm
Description
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References (8)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/mumble-voip/mumble/pull/4032
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugreports.qt.io/browse/QTBUG-83450
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/mumble-voip/mumble/issues/3679
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-18
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/
Scores
CVSS v3
7.5
EPSS
0.0157
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (6)
fedoraproject/fedora
31
fedoraproject/fedora
32
fedoraproject/fedora
33
mumble/mumble
1.3.0
opensuse/leap
15.2
qt/qt
5.12.2 - 5.12.9
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026