Описание
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qt | Out of support scope | ||
| Red Hat Enterprise Linux 6 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 7 | qt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 8 | qt5-qtbase | Not affected | ||
| Red Hat Enterprise Linux 9 | qt5-qtbase | Not affected |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
7.8 High
CVSS3