CVE-2010-5076

Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comodín en el campo "Common Name" del "subject" de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL arbitrarios a través de un certificado modificado suministrado por una autoridad de certificación legítima.

Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-19 CVE Reserved
2012-06-20 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (11)

URL	Tag	Source
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt	X_refsource_misc
https://bugreports.qt-project.org/browse/QTBUG-4455	X_refsource_confirm

URL	Date	SRC
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0	2024-08-07

URL	Date	SRC
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e	2021-06-16

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2012-0880.html	2021-06-16
http://secunia.com/advisories/41236	2021-06-16
http://secunia.com/advisories/49604	2021-06-16
http://secunia.com/advisories/49895	2021-06-16
http://www.ubuntu.com/usn/USN-1504-1	2021-06-16
https://access.redhat.com/security/cve/CVE-2010-5076	2012-06-19
https://bugzilla.redhat.com/show_bug.cgi?id=630063	2012-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Digia Search vendor "Digia"		Qt Search vendor "Digia" for product "Qt"				<= 4.6.4 Search vendor "Digia" for product "Qt" and version " <= 4.6.4"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.0.0 Search vendor "Qt" for product "Qt" and version "4.0.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.0.1 Search vendor "Qt" for product "Qt" and version "4.0.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.0 Search vendor "Qt" for product "Qt" and version "4.1.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.1 Search vendor "Qt" for product "Qt" and version "4.1.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.2 Search vendor "Qt" for product "Qt" and version "4.1.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.3 Search vendor "Qt" for product "Qt" and version "4.1.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.4 Search vendor "Qt" for product "Qt" and version "4.1.4"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.5 Search vendor "Qt" for product "Qt" and version "4.1.5"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.2.0 Search vendor "Qt" for product "Qt" and version "4.2.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.2.1 Search vendor "Qt" for product "Qt" and version "4.2.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.2.3 Search vendor "Qt" for product "Qt" and version "4.2.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.0 Search vendor "Qt" for product "Qt" and version "4.3.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.1 Search vendor "Qt" for product "Qt" and version "4.3.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.2 Search vendor "Qt" for product "Qt" and version "4.3.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.3 Search vendor "Qt" for product "Qt" and version "4.3.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.4 Search vendor "Qt" for product "Qt" and version "4.3.4"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.3.5 Search vendor "Qt" for product "Qt" and version "4.3.5"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.4.0 Search vendor "Qt" for product "Qt" and version "4.4.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.4.1 Search vendor "Qt" for product "Qt" and version "4.4.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.4.2 Search vendor "Qt" for product "Qt" and version "4.4.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.4.3 Search vendor "Qt" for product "Qt" and version "4.4.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.5.0 Search vendor "Qt" for product "Qt" and version "4.5.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.5.1 Search vendor "Qt" for product "Qt" and version "4.5.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.5.2 Search vendor "Qt" for product "Qt" and version "4.5.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.5.3 Search vendor "Qt" for product "Qt" and version "4.5.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.6.0 Search vendor "Qt" for product "Qt" and version "4.6.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.6.0 Search vendor "Qt" for product "Qt" and version "4.6.0"		rc1		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.6.1 Search vendor "Qt" for product "Qt" and version "4.6.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.6.2 Search vendor "Qt" for product "Qt" and version "4.6.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.6.3 Search vendor "Qt" for product "Qt" and version "4.6.3"		-		Affected