CVE-2012-6093

Qt < 4.6.5, 4.7.x < 4.7.6, 4.8.x < 4.8.5 - Certificate Validation Bypass via QSslSocket::sslErrors

Title source: llm
STIX 2.1

Description

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

References (12)

Core 12
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
Various Sources x_refsource_confirm
https://codereview.qt-project.org/#change%2C42461
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1723-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52217
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
Vendor Advisory mailing-list x_refsource_mlist
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/01/04/6
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=891955

Scores

EPSS 0.0178
EPSS Percentile 75.7%

Details

CWE
CWE-310
Status published
Products (24)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
opensuse/opensuse 11.4
opensuse/opensuse 12.2
qt/qt 4.6.0 (2 CPE variants)
qt/qt 4.6.1
qt/qt 4.6.2
qt/qt 4.6.3
... and 14 more
Published Feb 24, 2013
Tracked Since Feb 18, 2026