PT-2025-25184 · Qt Company+1 · Qt+1
Published 2025-06-11 · Updated 2025-06-11 · CVE-2025-5991
CVSS v4.0: 2.1 (Low)
Vector: AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions
Qt version 6.9.0
Description
The issue is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module, affecting only HTTP/2 handling. It is caused by a race condition between uploading the body of a POST request and simultaneously handling HTTP error responses.
Recommendations
For Qt version 6.9.0, update to Qt 6.9.1 to resolve the issue. As a temporary workaround, consider disabling HTTP/2 handling in the QtNetwork module until the update is applied.
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Qt