Description
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
| Release | Status | Note |
|---|---|---|
| dapper | released | 3.5.2-0ubuntu18.5 |
| devel | released | 3.5.7-1ubuntu14 |
| edgy | released | 3.5.5-0ubuntu3.5 |
| feisty | released | 3.5.6-0ubuntu14.1 |
| upstream | needs-triage | |
| Release | Status | Note |
|---|---|---|
| dapper | released | 3.3.6-1ubuntu6.4 |
| devel | released | 3.3.8really3.3.7-0ubuntu10 |
| edgy | released | 3.3.6-3ubuntu3.3 |
| feisty | released | 3.3.8really3.3.7-0ubuntu5.2 |
| upstream | needs-triage | |
| Release | Status | Note |
|---|---|---|
| dapper | not-affected | |
| devel | released | 4.3.1-0ubuntu2 |
| edgy | not-affected | |
| feisty | not-affected | |
| upstream | needs-triage | |
CVSS2: 4.3 Medium
Related vulnerabilities
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to violate the integrity of protected information