Qt 5.12.2 through 5.14.2 as used in unofficial builds of Mumble 1.3.0 and other products mishandles OpenSSL's error queue which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected regardless of the Qt version.)

...

Oracle Linux 8 : qt5-qtbase / and / qt5-qtwebsockets (ELSA-2020-4690)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4690 advisory. qt5-qtbase 5.12.5-6 - OpenSSL: handle SSLshutdowns errors properly Resolves: bz1851538 5.12.5-5 - Fix: Files placed by attacker can influence the worki...

qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...

AZL-6835 CVE-2020-13962 affecting package qt5-qtsvg for versions less than 5.12.11-3

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...

DEBIAN-CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...

UBUNTU-CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...

CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails...

CVE-2020-13962

CVE-2020-13962 affects Qt 5.12.2–5.14.2 as used in unofficial builds of Mumble 1.3.0 and other products. The issue arises from mishandling OpenSSL’s error queue, causing a denial of service to QSslSocket users and, due to error leakage across sessions, potentially disconnecting another session wh...

FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)

Secunia reports : A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of...

lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability

Secunia reports: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of...

CVE-2005-2532

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service client disconnection via a large number of packets that can not be decrypted...

CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial o...

openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients

James Yonan reports: If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client...