CVE-2024-36048

2024-05-1800:00:00

mitre

github.com

network authorization

vulnerability

cve-2024-36048

prng

guessable values

AI Score

6.9

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*"
    ],
    "vendor": "qt",
    "product": "qt_network_authorization",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.15.17",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*"
    ],
    "vendor": "qt",
    "product": "qt_network_authorization",
    "versions": [
      {
        "status": "affected",
        "version": "6x",
        "lessThan": "6.2.13",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.3x",
        "versionType": "custom",
        "lessThanOrEqual": "6.5x"
      },
      {
        "status": "affected",
        "version": "6.3x",
        "lessThan": "6.5.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.6x",
        "versionType": "custom",
        "lessThanOrEqual": "6.7x"
      },
      {
        "status": "affected",
        "version": "6.6x",
        "lessThan": "6.71",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]