CVE-2010-2621

Digia QT < 4.6.3 - Improper Input Validation

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2621. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The writeup describes a DoS vulnerability in Qt's QSslSocketBackendPrivate::transmit() function, which can be exploited to cause an endless loop, freezing the application. The vulnerability affects Qt versions <= 4.6.3 and impacts server applications using SSL via QSslSocket.

Description

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/14268

View Code ZIP pw:eip

The writeup describes a DoS vulnerability in Qt's QSslSocketBackendPrivate::transmit() function, which can be exploited to cause an endless loop, freezing the application. The vulnerability affects Qt versions <= 4.6.3 and impacts server applications using SSL via QSslSocket.

Classification

Writeup 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Qt <= 4.6.3

No auth needed

Prerequisites: Network access to a vulnerable Qt-based server using SSL

MITRE ATT&CK