Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5991

Опубликовано: 11 июн. 2025
Источник: redhat
CVSS3: 5.6

Описание

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

A use-after-free vulnerability has been discovered in Qt's QHttp2ProtocolHandler function. This vulnerability only affects HTTP/2 handling and is the result of a race condition between HTTP body and error response handling.

Отчет

The specific versions of Qt affected are not shipped in RedHat products.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10qt6Not affected
Red Hat Enterprise Linux 6qtNot affected
Red Hat Enterprise Linux 6qt3Not affected
Red Hat Enterprise Linux 7qtNot affected
Red Hat Enterprise Linux 7qt3Not affected
Red Hat Enterprise Linux 8qt5Not affected
Red Hat Enterprise Linux 9qt5Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2371671qt: Use after free in Qt

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5991

ubuntu
7 дней назад

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

nvd логотип

CVE-2025-5991

nvd
7 дней назад

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

debian логотип

CVE-2025-5991

debian
7 дней назад

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandle ...

github логотип

GHSA-xv5c-vg59-hj7x

github
7 дней назад

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

5.6 Medium

CVSS3