Описание
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qt6-base | fixed | 6.4.2+dfsg-21 | package | |
| qt6-base | no-dsa | bookworm | package | |
| qtbase-opensource-src | fixed | 5.15.10+dfsg-6 | package | |
| qtbase-opensource-src | fixed | 5.15.8+dfsg-11+deb12u2 | bookworm | package |
| qtbase-opensource-src | fixed | 5.15.2+dfsg-9+deb11u1 | bullseye | package |
| qtbase-opensource-src-gles | fixed | 5.15.10+dfsg-4 | package | |
| qtbase-opensource-src-gles | no-dsa | bookworm | package | |
| qtbase-opensource-src-gles | no-dsa | bullseye | package |
Примечания
https://codereview.qt-project.org/c/qt/qtbase/+/524864
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3
Связанные уязвимости
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
