QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6093

Published: Feb 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:0204

vendor-advisory

x_refsource_SUSE

https://codereview.qt-project.org/#change%2C42461

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2013:0256

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2013:0211

vendor-advisory

x_refsource_SUSE

http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29

x_refsource_CONFIRM

[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails

mailing-list

x_refsource_MLIST

http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29

x_refsource_CONFIRM

[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=891955

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.