CVE-2020-17507 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
qt	qt	𝑥 ≤ 5.12.9
qt	qt	5.13.0 ≤ 𝑥 < 5.15.1
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qtbase-opensource-src

bookworm	5.15.8+dfsg-11+deb12u2 fixed
bullseye	5.15.2+dfsg-9+deb11u1 fixed
sid	5.15.15+dfsg-2 fixed
trixie	5.15.13+dfsg-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

qt4-x11

bionic	needed
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	needed
xenial	needed

qtbase-opensource-src

bionic	Fixed 5.9.5+dfsg-0ubuntu2.6 released
focal	needed
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	needed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html

https://codereview.qt-project.org/c/qt/qtbase/+/308436

https://codereview.qt-project.org/c/qt/qtbase/+/308495

https://codereview.qt-project.org/c/qt/qtbase/+/308496

https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html

https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/

https://security.gentoo.org/glsa/202009-04

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html

https://codereview.qt-project.org/c/qt/qtbase/+/308436

https://codereview.qt-project.org/c/qt/qtbase/+/308495

https://codereview.qt-project.org/c/qt/qtbase/+/308496

https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html

https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/

https://security.gentoo.org/glsa/202009-04