CVE-2024-36048

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 Patch
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ Third Party Advisory
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 Patch
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
History

04 Nov 2025, 22:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ -
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ -
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ -
Information

Published : 2024-05-18 21:15

Updated : 2025-11-04 22:16

NVD link : CVE-2024-36048

Mitre link : CVE-2024-36048

CVE.ORG link : CVE-2024-36048

JSON object : View

Products Affected

qt

  • qt

fedoraproject

  • fedora
CWE
CWE-335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)