CVE-2024-30161

Опубликовано: 24 мар. 2024

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

A flaw was found in the qt6 package where the WebAssembly (wasm) component may access the network reply header due to a dangling pointer. This issue may allow an attacker to gain access to restricted data, impacting data confidentiality and integrity.

Отчет

The packages qt4 and qt5 are not vulnerable to this flaw.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2024-30161

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-825

https://bugzilla.redhat.com/show_bug.cgi?id=2271518qt6: wasm component may access QNetworkReply header improperly

EPSS

Процентиль: 22%

0.00071

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-30161

CVSS3: 6.5

ubuntu

около 1 года назад

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

CVE-2024-30161

CVSS3: 6.5

nvd

около 1 года назад

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

CVE-2024-30161

CVSS3: 6.5

msrc

5 месяцев назад

Описание отсутствует

CVE-2024-30161

CVSS3: 6.5

debian

около 1 года назад

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be acce ...

SUSE-SU-2024:1174-1

suse-cvrf

около 1 года назад

Security update for qt6-base

EPSS

Процентиль: 22%

0.00071

Низкий

6.5 Medium

CVSS3