CVE-2012-6093
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
La función QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un diseño de estructura incompatible que puede leer memoria desde una dirección erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validación falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-02-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 | X_refsource_misc | |
| http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 | X_refsource_confirm | |
| http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2013/01/04/6 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=891955 | X_refsource_misc | |
| https://codereview.qt-project.org/#change%2C42461 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html | 2023-02-13 | |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html | 2023-02-13 | |
| http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html | 2023-02-13 | |
| http://lists.qt-project.org/pipermail/announce/2013-January/000020.html | 2023-02-13 | |
| http://secunia.com/advisories/52217 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1723-1 | 2023-02-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | <= 4.6.5 Search vendor "Qt" for product "Qt" and version " <= 4.6.5" | rc |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.0 Search vendor "Qt" for product "Qt" and version "4.6.0" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.0 Search vendor "Qt" for product "Qt" and version "4.6.0" | rc1 |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.1 Search vendor "Qt" for product "Qt" and version "4.6.1" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.2 Search vendor "Qt" for product "Qt" and version "4.6.2" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.3 Search vendor "Qt" for product "Qt" and version "4.6.3" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.6.4 Search vendor "Qt" for product "Qt" and version "4.6.4" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.0 Search vendor "Qt" for product "Qt" and version "4.7.0" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.1 Search vendor "Qt" for product "Qt" and version "4.7.1" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.2 Search vendor "Qt" for product "Qt" and version "4.7.2" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.3 Search vendor "Qt" for product "Qt" and version "4.7.3" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.4 Search vendor "Qt" for product "Qt" and version "4.7.4" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.5 Search vendor "Qt" for product "Qt" and version "4.7.5" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.7.6 Search vendor "Qt" for product "Qt" and version "4.7.6" | rc |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.8.0 Search vendor "Qt" for product "Qt" and version "4.8.0" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.8.1 Search vendor "Qt" for product "Qt" and version "4.8.1" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.8.2 Search vendor "Qt" for product "Qt" and version "4.8.2" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.8.3 Search vendor "Qt" for product "Qt" and version "4.8.3" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 4.8.4 Search vendor "Qt" for product "Qt" and version "4.8.4" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2" | - |
Affected
| ||||||