EUVD-2025-18092

Malicious code in bioql PyPI...

Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This has been assigned the CVE id CVE-2025-5991. Affected versions: Qt version 6.9.0. This is fixed in 6.9.1. Impact: This only affects HTTP/2 handling, HTTP handling is not affected by this at all...

CVE-2025-5991

A use-after-free vulnerability has been discovered in Qt's QHttp2ProtocolHandler function. This vulnerability only affects HTTP/2 handling and is the result of a race condition between HTTP body and error response handling. Mitigation Mitigation for this issue is either not available or the...

CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

UBUNTU-CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

CVE-2025-5991 Use after free in QHttp2ProtocolHandler

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

CVE-2025-5991 Use after free in QHttp2ProtocolHandler

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...

CVE-2025-5991

CVE-2025-5991 affects Qt 6.9.0 and is fixed in Qt 6.9.1. The vulnerability is a Use After Free in QtNetwork’s QHttp2ProtocolHandler, caused by a race between QHttp2Stream’s POST body upload and simultaneous handling of HTTP error responses. It only impacts HTTP/2 handling (not HTTP). Exploitation...

PT-2025-25184 · Qt Company +1 · Qt +1

Name of the Vulnerable Software and Affected Versions: Qt versions 6.9.0 Description: The issue is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module, affecting only HTTP/2 handling. This occurs due to a race condition between uploading the body of a POST reque...