QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
References
Configurations
No configuration.
History
21 Nov 2024, 09:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - | |
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - |
08 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-335 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
18 May 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-18 21:15
Updated : 2024-11-21 09:21
NVD link : CVE-2024-36048
Mitre link : CVE-2024-36048
CVE.ORG link : CVE-2024-36048
JSON object : View
Products Affected
No product.
CWE
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)