CVE-2024-36048

CRITICAL

Qt <5.15.17, <6.2.13, <6.3-6.5.<6.5.6, <6.6-6.7.<6.7.1 - Info Discl...

Title source: llm

Description

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Scores

CVSS v3: 9.8
EPSS: 0.0048
EPSS Percentile: 65.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-335
Status: published
Products (3):
fedoraproject/fedora 39
fedoraproject/fedora 40
qt/qt < 5.15.17
Published: May 18, 2024
Tracked Since: Feb 18, 2026