QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
[
{
"cpes": [
"cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*"
],
"vendor": "qt",
"product": "qt_network_authorization",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "5.15.17",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*"
],
"vendor": "qt",
"product": "qt_network_authorization",
"versions": [
{
"status": "affected",
"version": "6x",
"lessThan": "6.2.13",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3x",
"versionType": "custom",
"lessThanOrEqual": "6.5x"
},
{
"status": "affected",
"version": "6.3x",
"lessThan": "6.5.6",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.6x",
"versionType": "custom",
"lessThanOrEqual": "6.7x"
},
{
"status": "affected",
"version": "6.6x",
"lessThan": "6.71",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/