QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
References
Configurations
History
30 Jun 2025, 15:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Qt qt
Qt Fedoraproject Fedoraproject fedora |
|
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - Patch | |
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - Patch | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 - | |
References | () https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ - |
08 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-335 |
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
18 May 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-18 21:15
Updated : 2025-06-30 15:21
NVD link : CVE-2024-36048
Mitre link : CVE-2024-36048
CVE.ORG link : CVE-2024-36048
JSON object : View
Products Affected
qt
- qt
fedoraproject
- fedora
CWE
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)