Описание
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 5.15.2+dfsg-9 |
| esm-apps/focal | not-affected | 5.12.8+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | 5.12.8+dfsg-0ubuntu1 |
| hirsute | not-affected | 5.15.2+dfsg-5ubuntu1 |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 5.15.2+dfsg-4 |
| esm-apps/focal | not-affected | 5.12.8+dfsg-0ubuntu1 |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 5.12.8+dfsg-0ubuntu1 |
| hirsute | not-affected | 5.15.2+dfsg-3ubuntu1 |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
Связанные уязвимости
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.