Описание
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qt | Not affected | ||
| Red Hat Enterprise Linux 6 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 7 | qt | Not affected | ||
| Red Hat Enterprise Linux 7 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 8 | qt5 | Fixed | RHSA-2022:7482 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | qt5 | Fixed | RHSA-2022:8022 | 15.11.2022 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...
7.8 High
CVSS3