FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e2f981f1-ad9e-11ee-8b55-4ccc6adda413	QtNetwork -- potential buffer overflow Andy Shaw reports: A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow. Discovery 2023-12-14 Entry 2024-01-07 qt5-network < 5.15.12p148_1 qt6-base < 6.6.1_2 CVE-2023-51714 https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation
e79cc4e2-12d7-11ef-83d8-4ccc6adda413	qt6-base (core module) -- Invalid pointer in QStringConverter Andy Shaw reports: QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable. This requires: the attacker be able to tell the application a specific codec to use the attacker be able to feed the application data in a specific way to cause the desired modification the attacker what in the stack will get modified, which requires knowing the build of the application (and not all builds will be vulnerable) the modification do anything in particular that is useful to the attacker, besides maybe crashing the application Qt does not automatically use any of those codecs, so this needs the application to implement something using QStringDecoder to be vulnerable. Discovery 2024-05-02 Entry 2024-05-15 qt6-base >= 6.5.0 le 6.5.5 >= 6.6.0 lt 6.7.0 CVE-2024-33861 https://www.qt.io/blog/security-advisory-qstringconverter

VuXML ID

Description

e2f981f1-ad9e-11ee-8b55-4ccc6adda413

QtNetwork -- potential buffer overflow

Andy Shaw reports:

A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow.

Discovery 2023-12-14
Entry 2024-01-07
qt5-network

< 5.15.12p148_1

qt6-base

< 6.6.1_2

CVE-2023-51714
https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation

e79cc4e2-12d7-11ef-83d8-4ccc6adda413

qt6-base (core module) -- Invalid pointer in QStringConverter

Andy Shaw reports:

QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable.

This requires:

the attacker be able to tell the application a specific codec to use

the attacker be able to feed the application data in a specific way to cause the desired modification

the attacker what in the stack will get modified, which requires knowing the build of the application (and not all builds will be vulnerable)

the modification do anything in particular that is useful to the attacker, besides maybe crashing the application

Qt does not automatically use any of those codecs, so this needs the application to implement something using QStringDecoder to be vulnerable.

Discovery 2024-05-02
Entry 2024-05-15
qt6-base

>= 6.5.0 le 6.5.5

>= 6.6.0 lt 6.7.0

CVE-2024-33861
https://www.qt.io/blog/security-advisory-qstringconverter