CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

History

30 Jun 2025, 15:21

Type Values Removed Values Added
First Time Qt qt
Qt
Fedoraproject
Fedoraproject fedora
References () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - Patch
References () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - Patch
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 -
References () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ -

08 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-335

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ -

10 Jun 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ -
Summary
  • (es) QAbstractOAuth en Qt Network Authorization en Qt antes de 5.15.17, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.6 y 6.6.x hasta 6.7.x antes de 6.7.1 usa solo el tiempo de inicialización PRNG, lo que puede dar como resultado valores adivinables.

18 May 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-18 21:15

Updated : 2025-06-30 15:21


NVD link : CVE-2024-36048

Mitre link : CVE-2024-36048

CVE.ORG link : CVE-2024-36048


JSON object : View

Products Affected

qt

  • qt

fedoraproject

  • fedora
CWE
CWE-335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)