Logo
vulnerabilityCVE-2024-36048
Name
CVE-2024-36048
Source
NVD ( link)Debian ( link)
Description
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
CWEs
CWE-335
Published Date
Updated Date
Workaround
-
Advisories
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317Patch
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/Third Party Advisory
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317Patch
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/Third Party Advisory

Analysis#

Affected Component
Analysis
qt5base
Exploitable

Vulnerability Ratings#

9.8
CVSSv31
NaN
other

Others affected components#

Name
Project
Project Version
Version
Status
qt5base
buildroot
master
bebdfd54917e25d1c100e6bd9f5dd53c2e645fd8
Not Affected
qt6base
buildroot
master
6.9.1
Not Affected