5

CVE-2010-2621

Exploit
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiaQt Version <= 4.6.3
QtQt Version4.0.0
QtQt Version4.0.1
QtQt Version4.1.0
QtQt Version4.1.1
QtQt Version4.1.2
QtQt Version4.1.3
QtQt Version4.1.4
QtQt Version4.1.5
QtQt Version4.2.0
QtQt Version4.2.1
QtQt Version4.2.3
QtQt Version4.3.0
QtQt Version4.3.1
QtQt Version4.3.2
QtQt Version4.3.3
QtQt Version4.3.4
QtQt Version4.3.5
QtQt Version4.4.0
QtQt Version4.4.1
QtQt Version4.4.2
QtQt Version4.4.3
QtQt Version4.5.0
QtQt Version4.5.1
QtQt Version4.5.2
QtQt Version4.5.3
QtQt Version4.6.0
QtQt Version4.6.0 Updaterc1
QtQt Version4.6.1
QtQt Version4.6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.54% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://aluigi.org/adv/qtsslame-adv.txt
http://aluigi.org/poc/qtsslame.zip
Exploit
http://osvdb.org/65860
http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597
http://secunia.com/advisories/40389
Vendor Advisory
http://secunia.com/advisories/46410
Vendor Advisory
http://www.securityfocus.com/bid/41250
Exploit
http://www.vupen.com/english/advisories/2010/1657
Vendor Advisory
https://hermes.opensuse.org/messages/12056605