ID CVE-2020-13962
Summary Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
Vulnerable Configurations
  • cpe:2.3:a:mumble:mumble:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.14.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-08-2021 - 14:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1849734
title CVE-2020-13962 qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment qt5-qtwebsockets is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690001
        • comment qt5-qtwebsockets is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135010
      • AND
        • comment qt5-qtwebsockets-debugsource is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690003
        • comment qt5-qtwebsockets-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201665180
      • AND
        • comment qt5-qtwebsockets-devel is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690005
        • comment qt5-qtwebsockets-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135012
      • AND
        • comment qt5-qtwebsockets-examples is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690007
        • comment qt5-qtwebsockets-examples is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135016
      • AND
        • comment qt5-assistant is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690009
        • comment qt5-assistant is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135158
      • AND
        • comment qt5-designer is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690011
        • comment qt5-designer is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135160
      • AND
        • comment qt5-doctools is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690013
        • comment qt5-doctools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135162
      • AND
        • comment qt5-linguist is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690015
        • comment qt5-linguist is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135164
      • AND
        • comment qt5-qdbusviewer is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690017
        • comment qt5-qdbusviewer is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135166
      • AND
        • comment qt5-qttools is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690019
        • comment qt5-qttools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135168
      • AND
        • comment qt5-qttools-common is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690021
        • comment qt5-qttools-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135170
      • AND
        • comment qt5-qttools-debugsource is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690023
        • comment qt5-qttools-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193390036
      • AND
        • comment qt5-qttools-devel is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690025
        • comment qt5-qttools-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135172
      • AND
        • comment qt5-qttools-examples is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690027
        • comment qt5-qttools-examples is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135176
      • AND
        • comment qt5-qttools-libs-designer is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690029
        • comment qt5-qttools-libs-designer is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135178
      • AND
        • comment qt5-qttools-libs-designercomponents is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690031
        • comment qt5-qttools-libs-designercomponents is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135180
      • AND
        • comment qt5-qttools-libs-help is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690033
        • comment qt5-qttools-libs-help is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135182
      • AND
        • comment qt5-qttools-static is earlier than 0:5.12.5-2.el8
          oval oval:com.redhat.rhsa:tst:20204690035
        • comment qt5-qttools-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135184
      • AND
        • comment qt5-qtbase is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690037
        • comment qt5-qtbase is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135116
      • AND
        • comment qt5-qtbase-common is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690039
        • comment qt5-qtbase-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135118
      • AND
        • comment qt5-qtbase-debugsource is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690041
        • comment qt5-qtbase-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193390006
      • AND
        • comment qt5-qtbase-devel is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690043
        • comment qt5-qtbase-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135120
      • AND
        • comment qt5-qtbase-examples is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690045
        • comment qt5-qtbase-examples is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135124
      • AND
        • comment qt5-qtbase-gui is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690047
        • comment qt5-qtbase-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135126
      • AND
        • comment qt5-qtbase-mysql is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690049
        • comment qt5-qtbase-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135128
      • AND
        • comment qt5-qtbase-odbc is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690051
        • comment qt5-qtbase-odbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135130
      • AND
        • comment qt5-qtbase-postgresql is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690053
        • comment qt5-qtbase-postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135132
      • AND
        • comment qt5-qtbase-private-devel is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690055
        • comment qt5-qtbase-private-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201665226
      • AND
        • comment qt5-qtbase-static is earlier than 0:5.12.5-6.el8
          oval oval:com.redhat.rhsa:tst:20204690057
        • comment qt5-qtbase-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20192135134
rhsa
id RHSA-2020:4690
released 2020-11-04
severity Moderate
title RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate)
rpms
  • qt5-assistant-0:5.12.5-2.el8
  • qt5-assistant-debuginfo-0:5.12.5-2.el8
  • qt5-designer-0:5.12.5-2.el8
  • qt5-designer-debuginfo-0:5.12.5-2.el8
  • qt5-doctools-0:5.12.5-2.el8
  • qt5-doctools-debuginfo-0:5.12.5-2.el8
  • qt5-linguist-0:5.12.5-2.el8
  • qt5-linguist-debuginfo-0:5.12.5-2.el8
  • qt5-qdbusviewer-0:5.12.5-2.el8
  • qt5-qdbusviewer-debuginfo-0:5.12.5-2.el8
  • qt5-qtbase-0:5.12.5-6.el8
  • qt5-qtbase-common-0:5.12.5-6.el8
  • qt5-qtbase-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-debugsource-0:5.12.5-6.el8
  • qt5-qtbase-devel-0:5.12.5-6.el8
  • qt5-qtbase-devel-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-examples-0:5.12.5-6.el8
  • qt5-qtbase-examples-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-gui-0:5.12.5-6.el8
  • qt5-qtbase-gui-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-mysql-0:5.12.5-6.el8
  • qt5-qtbase-mysql-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-odbc-0:5.12.5-6.el8
  • qt5-qtbase-odbc-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-postgresql-0:5.12.5-6.el8
  • qt5-qtbase-postgresql-debuginfo-0:5.12.5-6.el8
  • qt5-qtbase-private-devel-0:5.12.5-6.el8
  • qt5-qtbase-static-0:5.12.5-6.el8
  • qt5-qtbase-tests-debuginfo-0:5.12.5-6.el8
  • qt5-qttools-0:5.12.5-2.el8
  • qt5-qttools-common-0:5.12.5-2.el8
  • qt5-qttools-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-debugsource-0:5.12.5-2.el8
  • qt5-qttools-devel-0:5.12.5-2.el8
  • qt5-qttools-devel-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-examples-0:5.12.5-2.el8
  • qt5-qttools-examples-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-libs-designer-0:5.12.5-2.el8
  • qt5-qttools-libs-designer-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-libs-designercomponents-0:5.12.5-2.el8
  • qt5-qttools-libs-designercomponents-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-libs-help-0:5.12.5-2.el8
  • qt5-qttools-libs-help-debuginfo-0:5.12.5-2.el8
  • qt5-qttools-static-0:5.12.5-2.el8
  • qt5-qttools-tests-debuginfo-0:5.12.5-2.el8
  • qt5-qtwebsockets-0:5.12.5-2.el8
  • qt5-qtwebsockets-debuginfo-0:5.12.5-2.el8
  • qt5-qtwebsockets-debugsource-0:5.12.5-2.el8
  • qt5-qtwebsockets-devel-0:5.12.5-2.el8
  • qt5-qtwebsockets-devel-debuginfo-0:5.12.5-2.el8
  • qt5-qtwebsockets-examples-0:5.12.5-2.el8
  • qt5-qtwebsockets-examples-debuginfo-0:5.12.5-2.el8
  • qt5-qtwebsockets-tests-debuginfo-0:5.12.5-2.el8
refmap via4
fedora
  • FEDORA-2020-8372f6bae4
  • FEDORA-2020-ca26a3f832
  • FEDORA-2020-f869e01557
gentoo GLSA-202007-18
misc
suse openSUSE-SU-2020:1319
Last major update 11-08-2021 - 14:29
Published 09-06-2020 - 00:15
Last modified 11-08-2021 - 14:29