VDB
CVE-2024-36048
CVE-2024-36048
PUBLISHED
CVSS 9.800000190734863 CRITICAL
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
EPSS 0.48% · 65.6th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.48%
65.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| qt | qt | 6.0.0, 0, 6.6.0 |
| fedoraproject | fedora | 39, 40 |
| qt | qt_network_authorization | 0, 6.6x, 6.6x |
Exploit Intelligence
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ (circl)
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 (circl)
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 (circl)
- FEDORA-2024-3936682805 (circl)
- FEDORA-2024-bfb8617ba3 (circl)
- FEDORA-2024-2e27372d4c (circl)
Timeline
- May 18, 2024 CVE Published
- Jun 11, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Aug 19, 2024 EPSS Score
- Sep 11, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 27, 2024 EPSS Score
- Nov 19, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 28, 2025 EPSS Score
References
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 url
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 url
- FEDORA-2024-3936682805 vendor-advisory
- FEDORA-2024-bfb8617ba3 vendor-advisory
- FEDORA-2024-2e27372d4c vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-36048 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM url