FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-18 07:05:22 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f5fa174d-19de-11ef-83d8-4ccc6adda413	QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow. Discovery 2024-05-08 Entry 2024-05-24 qt5-networkauth < 5.15.13_1 qt6-networkauth < 6.7.1 CVE-2024-36048 https://www.qt.io/blog/security-advisory-qstringconverter-0 https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317

VuXML ID

Description

f5fa174d-19de-11ef-83d8-4ccc6adda413

QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth

Andy Shaw reports:

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed.

This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flow.

Discovery 2024-05-08
Entry 2024-05-24
qt5-networkauth

< 5.15.13_1

qt6-networkauth

< 6.7.1

CVE-2024-36048
https://www.qt.io/blog/security-advisory-qstringconverter-0
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317