4.3

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QtQt Version3.3.8
QtQt Version4.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.05% 0.788
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://secunia.com/advisories/26857
http://secunia.com/advisories/24889
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://secunia.com/advisories/27108
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://fedoranews.org/updates/FEDORA-2007-703.shtml
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://secunia.com/advisories/24699
http://secunia.com/advisories/24705
http://secunia.com/advisories/24726
http://secunia.com/advisories/24727
http://secunia.com/advisories/24759
http://secunia.com/advisories/24797
http://secunia.com/advisories/24847
http://secunia.com/advisories/25263
http://secunia.com/advisories/26804
http://secunia.com/advisories/27275
http://secunia.com/advisories/46117
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
http://www.debian.org/security/2007/dsa-1292
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
http://www.redhat.com/support/errata/RHSA-2007-0883.html
http://www.securityfocus.com/bid/23269
http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
Patch
http://www.ubuntu.com/usn/usn-452-1
http://www.vupen.com/english/advisories/2007/1212
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
https://issues.rpath.com/browse/RPL-1202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510