CVE-2024-36048

EUVD-2024-35852
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
qtqt
𝑥
< 5.15.17
qtqt
6.0.0 ≤
𝑥
< 6.2.13
qtqt
6.3.0 ≤
𝑥
< 6.5.6
qtqt
6.6.0 ≤
𝑥
< 6.7.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qtqt_network_authorization
𝑥
< 5.15.17
ADP
qtqt_network_authorization
6x ≤
𝑥
< 6.2.13
ADP
qtqt_network_authorization
6.3x ≤
𝑥
≤ 6.5x
ADP
qtqt_network_authorization
6.3x ≤
𝑥
< 6.5.6
ADP
qtqt_network_authorization
6.6x ≤
𝑥
≤ 6.7x
ADP
qtqt_network_authorization
6.6x ≤
𝑥
< 6.71
ADP
Debian logo
Debian Releases
Debian Product
Codename
qt6-networkauth
bookworm
ignored
bullseye
no-dsa
buster
postponed
forky
6.9.2-3
fixed
sid
6.9.2-3
fixed
trixie
6.8.2-4
fixed
qtnetworkauth-everywhere-src
bookworm
ignored
bullseye
no-dsa
buster
postponed
forky
5.15.17-2
fixed
sid
5.15.17-2
fixed
trixie
5.15.15-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qtnetworkauth-everywhere-src
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
Common Weakness Enumeration
References
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/