PT-2007-1026 · Qt Company+1 · Qt+1

Andreas Nolden

Publicado

2007-04-03

Atualizado

2017-10-11

CVE-2007-0242

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Qt versions 3.3.8 and 4.2.3

Description: The issue is related to the UTF-8 decoder in Qt, which does not reject long UTF-8 sequences as required by the standard. This allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. Multiple vulnerabilities in Qt packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations: For Qt versions 3.3.8 and 4.2.3, update to a version that includes a fix for the UTF-8 decoder issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

BDU:2015-02906

BDU:2015-06485

BDU:2015-06486

BDU:2015-06487

BDU:2015-06488

BDU:2015-06489

BDU:2015-06490

BDU:2015-06491

BDU:2015-06492

BDU:2015-06493

CVE-2007-0242

DSA-1292-1

RHSA-2007:0883

RHSA-2007:0909

RHSA-2007_0883

RHSA-2007_0909

RHSA-2011:1324

RHSA-2011_1324

Produtos afetados

Red Hat

PT-2007-1026 · Qt Company+1 · Qt+1

CVE-2007-0242

Identificadores relacionados

Produtos afetados

Referências · 102