FKIE_CVE-2012-6093

Vulnerability from fkie_nvd - Published: 2013-02-24 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References
secalert@redhat.comhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
secalert@redhat.comhttp://lists.qt-project.org/pipermail/announce/2013-January/000020.htmlVendor Advisory
secalert@redhat.comhttp://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
secalert@redhat.comhttp://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
secalert@redhat.comhttp://secunia.com/advisories/52217Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/01/04/6
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1723-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=891955
secalert@redhat.comhttps://codereview.qt-project.org/#change%2C42461
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
af854a3a-2127-422b-91ae-364da2661108http://lists.qt-project.org/pipermail/announce/2013-January/000020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
af854a3a-2127-422b-91ae-364da2661108http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52217Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/01/04/6
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1723-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=891955
af854a3a-2127-422b-91ae-364da2661108https://codereview.qt-project.org/#change%2C42461
Impacted products
Vendor Product Version
qt qt *
qt qt 4.6.0
qt qt 4.6.0
qt qt 4.6.1
qt qt 4.6.2
qt qt 4.6.3
qt qt 4.6.4
qt qt 4.7.0
qt qt 4.7.1
qt qt 4.7.2
qt qt 4.7.3
qt qt 4.7.4
qt qt 4.7.5
qt qt 4.7.6
qt qt 4.8.0
qt qt 4.8.1
qt qt 4.8.2
qt qt 4.8.3
qt qt 4.8.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
opensuse opensuse 11.4
opensuse opensuse 12.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qt:qt:*:rc:*:*:*:*:*:*",
              "matchCriteriaId": "89E6A634-D297-42AF-B001-48BCBB89C240",
              "versionEndIncluding": "4.6.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un dise\u00f1o de estructura incompatible que puede leer memoria desde una direcci\u00f3n erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validaci\u00f3n falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados."
    }
  ],
  "id": "CVE-2012-6093",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-24T19:55:00.907",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52217"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1723-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://codereview.qt-project.org/#change%2C42461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1723-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://codereview.qt-project.org/#change%2C42461"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.