CVE-2024-30161 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Affected Products (NVD)

Vendor	Product	Version
qt	qt	6.5.4
qt	qt	6.5.5
qt	qt	6.6.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qt6-base

bookworm	6.4.2+dfsg-10 fixed
forky	6.9.2+dfsg-3 fixed
sid	6.9.2+dfsg-3 fixed
trixie	6.8.2+dfsg-9+deb13u1 fixed

qtbase-opensource-src

bookworm	5.15.8+dfsg-11+deb12u3 fixed
bullseye	5.15.2+dfsg-9+deb11u1 fixed
bullseye (security)	5.15.2+dfsg-9+deb11u2 fixed
forky	5.15.17+dfsg-5 fixed
sid	5.15.17+dfsg-6 fixed
trixie	5.15.15+dfsg-6 fixed

qtbase-opensource-src-gles

bookworm	5.15.8+dfsg-3 fixed
bullseye	5.15.2+dfsg-4 fixed
forky	5.15.17+dfsg-2 fixed
sid	5.15.17+dfsg-2 fixed
trixie	5.15.15+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

qt6-base

focal	dne
jammy	needs-triage
mantic	ignored
noble	needs-triage
oracular	ignored
plucky	needs-triage
questing	needs-triage

qtbase-opensource-src-gles

focal	needs-triage
jammy	needs-triage
mantic	ignored
noble	needs-triage
oracular	ignored
plucky	needs-triage
questing	needs-triage
xenial	needs-triage

qtbase-opensource-src

bionic	not-affected
focal	not-affected
jammy	not-affected
mantic	ignored
noble	not-affected
oracular	ignored
plucky	not-affected
questing	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://codereview.qt-project.org/c/qt/qtbase/+/544314

https://codereview.qt-project.org/c/qt/qtbase/+/544314