CVE-2012-6093

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
qtqt
𝑥
≤ 4.6.5
qtqt
4.6.0
qtqt
4.6.0:rc1
qtqt
4.6.1
qtqt
4.6.2
qtqt
4.6.3
qtqt
4.6.4
qtqt
4.7.0
qtqt
4.7.1
qtqt
4.7.2
qtqt
4.7.3
qtqt
4.7.4
qtqt
4.7.5
qtqt
4.7.6:rc
qtqt
4.8.0
qtqt
4.8.1
qtqt
4.8.2
qtqt
4.8.3
qtqt
4.8.4
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
opensuseopensuse
11.4
opensuseopensuse
12.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
quantal
Fixed 4:4.8.3+dfsg-0ubuntu3.1
released
precise
Fixed 4:4.8.1-0ubuntu4.4
released
oneiric
Fixed 4:4.7.4-0ubuntu8.3
released
lucid
Fixed 4:4.6.2-0ubuntu5.6
released
hardy
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
http://secunia.com/advisories/52217
http://www.openwall.com/lists/oss-security/2013/01/04/6
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=891955
https://codereview.qt-project.org/#change%2C42461
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
http://secunia.com/advisories/52217
http://www.openwall.com/lists/oss-security/2013/01/04/6
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=891955
https://codereview.qt-project.org/#change%2C42461