Bugzilla – Bug 1221926
VUL-0: CVE-2024-30161: libqt4,libqt5-qtbase,qt3,qt6-base: wasm component may access QNetworkReply header data via a dangling pointer
Last modified: 2024-04-09 12:30:07 UTC
In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-30161 https://www.cve.org/CVERecord?id=CVE-2024-30161 https://codereview.qt-project.org/c/qt/qtbase/+/544314 https://bugreports.qt.io/browse/QTBUG-122893 Patch: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365
I submitted Qt6 6.6.3 to SLE15-SP6 (which includes the patch for this issue in [1]) and also backported the patch to SLE15-SP5's Qt 6.4.2 and submitted it in [2]. [1] https://build.suse.de/request/show/324977 [2] https://build.suse.de/request/show/324987
Thanks Antonio. Considering not affected libqt5 since function emscripten_fetch() is called directly in the worker, not in a separate async thread, so the behavior is the similar as the patched code.
SUSE-SU-2024:1174-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1221926 CVE References: CVE-2024-30161 Maintenance Incident: [SUSE:Maintenance:33152](https://smelt.suse.de/incident/33152/) Sources used: SUSE Package Hub 15 15-SP5 (src): qt6-base-6.4.2-150500.3.17.1 openSUSE Leap 15.5 (src): qt6-base-docs-6.4.2-150500.3.17.1, qt6-base-6.4.2-150500.3.17.1 Desktop Applications Module 15-SP5 (src): qt6-base-6.4.2-150500.3.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.