CVE-2024-36048

CRITICAL

Qt <5.15.17, <6.2.13, <6.3-6.5.<6.5.6, <6.6-6.7.<6.7.1 - Info Discl...

Title source: llm

Description

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

References (8)

[Patch] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317

[Patch] https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

Scores

CVSS v3 9.8

EPSS 0.0048

EPSS Percentile 64.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-335

Status published

Affected Products (3)

qt/qt < 5.15.17

fedoraproject/fedora

Timeline

Published May 18, 2024

Tracked Since Feb 18, 2026