CVE-2018-21035
HIGH
Qt < 5.14.1 - Denial of Service via WebSocket Frame and Message Size Limits
Title source: llm
Description
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
Exploit, Third Party Advisory x_refsource_misc
https://bugreports.qt.io/browse/QTBUG-70693
Scores
CVSS v3
7.5
EPSS
0.0228
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
qt/qt
< 5.14.1
Published
Feb 28, 2020
Tracked Since
Feb 18, 2026