[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-6093Date: (C)2013-02-24   (M)2023-12-22


The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-52217
USN-1723-1
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
http://www.openwall.com/lists/oss-security/2013/01/04/6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
https://bugzilla.redhat.com/show_bug.cgi?id=891955
https://codereview.qt-project.org/#change%2C42461
openSUSE-SU-2013:0204
openSUSE-SU-2013:0211
openSUSE-SU-2013:0256

CWE    1
CWE-310
OVAL    4
oval:org.secpod.oval:def:104429
oval:org.secpod.oval:def:701175
oval:org.secpod.oval:def:104504
oval:org.secpod.oval:def:104515
...

© SecPod Technologies