CVE-2012-6093

{"id": "CVE-2012-6093", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-24T19:55:00.907", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html", "source": "secalert@redhat.com"}, {"url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29", "source": "secalert@redhat.com"}, {"url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52217", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/04/6", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1723-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "source": "secalert@redhat.com"}, {"url": "https://codereview.qt-project.org/#change%2C42461", "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52217", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/04/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1723-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://codereview.qt-project.org/#change%2C42461", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate."}, {"lang": "es", "value": "La funci\u00f3n QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un dise\u00f1o de estructura incompatible que puede leer memoria desde una direcci\u00f3n erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validaci\u00f3n falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados."}], "lastModified": "2024-11-21T01:45:48.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:*:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E6A634-D297-42AF-B001-48BCBB89C240", "versionEndIncluding": "4.6.5"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1"}, {"criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0"}, {"criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE"}, {"criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9"}, {"criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24"}, {"criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534"}, {"criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}