CVE-2020-0570

EUVD-2020-2068
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
qtqt
𝑥
< 5.9.10
qtqt
5.10.0 ≤
𝑥
< 5.12.7
qtqt
5.13.0 ≤
𝑥
< 5.14.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qtbase-opensource-src
bookworm
5.15.8+dfsg-11+deb12u2
fixed
bullseye
5.15.2+dfsg-9+deb11u1
fixed
jessie
not-affected
sid
5.15.15+dfsg-2
fixed
stretch
not-affected
trixie
5.15.13+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qtbase-opensource-src
bionic
not-affected
eoan
Fixed 5.12.4+dfsg-4ubuntu1.1
released
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
https://bugreports.qt.io/browse/QTBUG-81272
https://bugzilla.redhat.com/show_bug.cgi?id=1800604
https://lists.qt-project.org/pipermail/development/2020-January/038534.html
https://bugreports.qt.io/browse/QTBUG-81272
https://bugzilla.redhat.com/show_bug.cgi?id=1800604
https://lists.qt-project.org/pipermail/development/2020-January/038534.html