CVE-2020-13962
qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versión 1.3.0 y otros productos, maneja inapropiadamente la cola de errores de OpenSSL, lo que puede ser capaz de causar una denegación de servicio a usuarios de QSslSocket. Debido a que los errores se filtran en sesiones TLS no relacionadas, una sesión no relacionada puede ser desconectada cuando se comete un fallo en cualquier protocolo de enlace. (Mumble versión 1.3.1 no está afectado, independientemente de la versión Qt)
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-08 CVE Reserved
- 2020-06-08 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-391: Unchecked Error Condition
CAPEC
References (10)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/mumble-voip/mumble/issues/3679 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/mumble-voip/mumble/pull/4032 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mumble Search vendor "Mumble" | Mumble Search vendor "Mumble" for product "Mumble" | 1.3.0 Search vendor "Mumble" for product "Mumble" and version "1.3.0" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | >= 5.12.2 < 5.12.9 Search vendor "Qt" for product "Qt" and version " >= 5.12.2 < 5.12.9" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | >= 5.13.0 <= 5.13.2 Search vendor "Qt" for product "Qt" and version " >= 5.13.0 <= 5.13.2" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | >= 5.14.0 <= 5.14.2 Search vendor "Qt" for product "Qt" and version " >= 5.14.0 <= 5.14.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||