CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Configurations

No configuration.

History

21 Nov 2024, 09:21

Type | Values Removed | Values Added
References | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
References | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
References | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
References | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
References | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

08 Aug 2024, 15:35

Type | Values Removed | Values Added
CWE | | CWE-335
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 9.8

10 Jun 2024, 17:16

Type | Values Removed | Values Added
References | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
References | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

10 Jun 2024, 16:15

Type | Values Removed | Values Added
Summary | | (es) QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
References | | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/

18 May 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-18 21:15

Updated : 2024-11-21 09:21


NVD link : CVE-2024-36048

Mitre link : CVE-2024-36048

CVE.ORG link : CVE-2024-36048


Products Affected

No product.

CWE
CWE-335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)