CVE-2012-6093
Qt < 4.6.5, 4.7.x < 4.7.6, 4.8.x < 4.8.5 - Certificate Validation Bypass via QSslSocket::sslErrors
Title source: llmDescription
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References (12)
Core 12
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
Various Sources x_refsource_confirm
https://codereview.qt-project.org/#change%2C42461
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1723-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52217
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
Patch x_refsource_confirm
http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
Patch x_refsource_confirm
http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/01/04/6
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=891955
Scores
EPSS
0.0178
EPSS Percentile
75.7%
Details
CWE
CWE-310
Status
published
Products (24)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
opensuse/opensuse
11.4
opensuse/opensuse
12.2
qt/qt
4.6.0 (2 CPE variants)
qt/qt
4.6.1
qt/qt
4.6.2
qt/qt
4.6.3
... and 14 more
Published
Feb 24, 2013
Tracked Since
Feb 18, 2026