Lucene search

K

Andy ShawQT:F8B85E5D9E631A43BA623312FFAB1C5F

HistoryApr 18, 2024 - 12:00 a.m.

Security advisory: Potential Use-After-Free issue in Qt for WebAssembly’s implementation of QNetworkReply

2024-04-1800:00:00

Andy Shaw

www.qt.io

14

security advisory

use-after-free

qt

webassembly

qnetworkreply

cve-2024-30161

patch

update

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

A recently reported potential Use-After-Free issue in Qt’s wasm implementation of QNetworkReply has been assigned the CVE id CVE-2024-30161.

The issue was discovered in Qt versions 6.5.4, 6.5.5, and 6.6.2.

QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly if using the affected versions.

Solution: Apply the following patch or update to Qt 6.5.6 or 6.6.3

Patches:

dev: <https://codereview.qt-project.org/c/qt/qtbase/+/544314>
Qt 6.6: <https://codereview.qt-project.org/c/qt/qtbase/+/548060> or <https://download.qt.io/official_releases/qt/6.6/CVE-2024-30161-qtbase-6.6.diff>
Qt 6.5: <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/548490> or <https://download.qt.io/official_releases/qt/6.5/CVE-2024-30161-qtbase-6.5.diff>

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

Related for QT:F8B85E5D9E631A43BA623312FFAB1C5F

vulnrichment1 cve1 nessus1 osv1 debiancve1 ubuntucve1 nvd1 redhatcve1 cvelist1 openvas1