Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2621 — Improper Input Validation in QT

CWE-20 — Improper Input Validation CWE-835 — Infinite Loop6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

12.0%

top 6.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Digia QT QT

Timeline

PublishedJul 2

Latest updateMay 13

Description

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDdigia/qt4.6.3

▶NVDqt/qt28 versions+27

🔴Vulnerability Details

GHSA

GHSA-m9q6-wcwv-qqmp: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl↗2022-05-13

▶

OSV

CVE-2010-2621: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl↗2010-07-02

▶

💥Exploits & PoCs

Exploit-DB

Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service↗2010-07-08

▶

📋Vendor Advisories

Red Hat

(QSslSocketBackendPrivate): DoS (infinite loop) via malformed request↗2010-06-29

▶

💬Community

Bugzilla

CVE-2010-2621 Qt (QSslSocketBackendPrivate): DoS (infinite loop) via malformed request↗2010-07-03

▶