[email protected]NVD:CVE-2024-36048

HistoryMay 18, 2024 - 9:15 p.m.

CVE-2024-36048

2024-05-1821:15:47

CWE-335

[email protected]

web.nvd.nist.gov

qt network authorization

cve-2024-36048

prng

vulnerability

guessable values

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

Low

EPSS

Percentile

15.5%

JSON

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

References

codereview.qt-project.org/c/qt/qtnetworkauth/+/560317

codereview.qt-project.org/c/qt/qtnetworkauth/+/560368

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-36048

fedora93 vulnrichment1 mageia1 openvas93 nessus4 freebsd1 debiancve1 osv1 qt1 cve1 ubuntucve1 cvelist1