Bug 1172726 - (CVE-2020-13962) VUL-0: CVE-2020-13962: libqt5-qtbase: mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users
(CVE-2020-13962)
VUL-0: CVE-2020-13962: libqt5-qtbase: mishandles OpenSSL's error queue, which...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/260951/
CVSSv3.1:SUSE:CVE-2020-13962:7.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-09 12:10 UTC by Wolfgang Frisch
Modified: 2022-01-13 11:00 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-06-09 12:10:02 UTC
CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other
products, mishandles OpenSSL's error queue, which can cause a denial of service
to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated
session may be disconnected when any handshake fails. (Mumble 1.3.1 is not
affected, regardless of the Qt version.)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962
https://github.com/mumble-voip/mumble/pull/4032
https://github.com/mumble-voip/mumble/issues/3679
https://bugreports.qt.io/browse/QTBUG-83450
Comment 1 Wolfgang Frisch 2020-06-09 12:10:37 UTC
We don't ship any affected versions of Qt.
Resolved.
Comment 2 Wolfgang Frisch 2020-06-23 13:22:53 UTC
libqt5-qtbase 5.12.7 is affected.
Please submit for SUSE:SLE-15-SP2:Update.
Comment 4 Fabian Vogt 2020-07-27 12:56:04 UTC
I cherry-picked the linked commit and added https://codereview.qt-project.org/c/qt/qtbase/+/293700 as well, that one appears useful too though it's not described what it actually fixes. I guess some OOB read during certificate parsing?
Comment 6 Swamp Workflow Management 2020-08-27 22:18:40 UTC
SUSE-SU-2020:2357-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1172726,1173758
CVE References: CVE-2020-13962
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    libqt5-qtbase-5.12.7-4.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libqt5-qtbase-5.12.7-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-09-01 19:14:29 UTC
openSUSE-SU-2020:1319-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1172726,1173758
CVE References: CVE-2020-13962
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    libqt5-qtbase-5.12.7-lp152.3.3.1
Comment 9 Wolfgang Frisch 2020-12-09 17:35:34 UTC
(In reply to Fabian Vogt from comment #4)
> I cherry-picked the linked commit and added
> https://codereview.qt-project.org/c/qt/qtbase/+/293700 as well, that one
> appears useful too though it's not described what it actually fixes. I guess
> some OOB read during certificate parsing?

Yes, it appears to be an OOB read.
Thank you for the submissions.
Released.
Comment 10 OBSbugzilla Bot 2022-01-13 11:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (1172726) was mentioned in
https://build.opensuse.org/request/show/946070 Factory / libqt5-qtbase