Candidate: CVE-2020-13962
PublicDate: 2020-06-09 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962
 https://github.com/mumble-voip/mumble/pull/4032
Description:
 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and
 other products, mishandles OpenSSL's error queue, which can cause a denial
 of service to QSslSocket users. Because errors leak in unrelated TLS
 sessions, an unrelated session may be disconnected when any handshake
 fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugreports.qt.io/browse/QTBUG-83450
 https://github.com/mumble-voip/mumble/issues/3679
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_qtbase-opensource-src:
upstream_qtbase-opensource-src: needs-triage
precise/esm_qtbase-opensource-src: DNE
trusty_qtbase-opensource-src: ignored (out of standard support)
trusty/esm_qtbase-opensource-src: DNE
xenial_qtbase-opensource-src: not-affected (5.5.1+dfsg-16ubuntu7.7)
esm-infra/xenial_qtbase-opensource-src: not-affected (5.5.1+dfsg-16ubuntu7.7)
bionic_qtbase-opensource-src: not-affected (5.9.5+dfsg-0ubuntu2.5)
eoan_qtbase-opensource-src: ignored (reached end-of-life)
focal_qtbase-opensource-src: needed
groovy_qtbase-opensource-src: not-affected (5.14.2+dfsg-6)
hirsute_qtbase-opensource-src: not-affected (5.14.2+dfsg-6)
impish_qtbase-opensource-src: not-affected (5.14.2+dfsg-6)
jammy_qtbase-opensource-src: not-affected (5.14.2+dfsg-6)
devel_qtbase-opensource-src: not-affected (5.14.2+dfsg-6)