CVE-2020-0570

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
qtqt
𝑥
< 5.9.10
qtqt
5.10.0 ≤
𝑥
< 5.12.7
qtqt
5.13.0 ≤
𝑥
< 5.14.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qtbase-opensource-src
bullseye
5.15.2+dfsg-9+deb11u1
fixed
stretch
not-affected
jessie
not-affected
bookworm
5.15.8+dfsg-11+deb12u2
fixed
trixie
5.15.13+dfsg-4
fixed
sid
5.15.15+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qtbase-opensource-src
eoan
Fixed 5.12.4+dfsg-4ubuntu1.1
released
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugreports.qt.io/browse/QTBUG-81272
https://bugzilla.redhat.com/show_bug.cgi?id=1800604
https://lists.qt-project.org/pipermail/development/2020-January/038534.html
https://bugreports.qt.io/browse/QTBUG-81272
https://bugzilla.redhat.com/show_bug.cgi?id=1800604
https://lists.qt-project.org/pipermail/development/2020-January/038534.html