CVE-2024-30161

Опубликовано: 24 мар. 2024

Источник: redhat

CVSS3: 6.5

Описание

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

A flaw was found in the qt6 package where the WebAssembly (wasm) component may access the network reply header due to a dangling pointer. This issue may allow an attacker to gain access to restricted data, impacting data confidentiality and integrity.

Отчет

The packages qt4 and qt5 are not vulnerable to this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	qt6	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-825

https://bugzilla.redhat.com/show_bug.cgi?id=2271518qt6: wasm component may access QNetworkReply header improperly

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-30161

CVSS3: 6.5

ubuntu

больше 1 года назад

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

CVE-2024-30161

CVSS3: 6.5

nvd

больше 1 года назад

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)