4.3

CVE-2012-6093

EPSS 2.28%
Veröffentlicht 24.02.2013 19:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qt ≫ Qt Updaterc Version <= 4.6.5

Qt ≫ Qt Version4.6.0

Qt ≫ Qt Version4.6.0 Updaterc1

Qt ≫ Qt Version4.6.1

Qt ≫ Qt Version4.6.2

Qt ≫ Qt Version4.6.3

Qt ≫ Qt Version4.6.4

Qt ≫ Qt Version4.7.0

Qt ≫ Qt Version4.7.1

Qt ≫ Qt Version4.7.2

Qt ≫ Qt Version4.7.3

Qt ≫ Qt Version4.7.4

Qt ≫ Qt Version4.7.5

Qt ≫ Qt Version4.7.6 Updaterc

Qt ≫ Qt Version4.8.0

Qt ≫ Qt Version4.8.1

Qt ≫ Qt Version4.8.2

Qt ≫ Qt Version4.8.3

Qt ≫ Qt Version4.8.4

Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version11.10

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.28%	0.841

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/52217

Vendor Advisory

http://www.ubuntu.com/usn/USN-1723-1

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582

http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html

http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html

http://lists.qt-project.org/pipermail/announce/2013-January/000020.html

Vendor Advisory

http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29

http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29

http://www.openwall.com/lists/oss-security/2013/01/04/6

https://bugzilla.redhat.com/show_bug.cgi?id=891955

https://codereview.qt-project.org/#change%2C42461

https://nvd.nist.gov/vuln/detail/CVE-2012-6093

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6093

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6093

EUVD