CVE-2010-5076
Published 2012-06-29
Priority: P4 · 21 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.40% (69.1th percentile)
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digia | qt | <= 4.6.4 | — |
| qt | qt | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 MEDIUM
vendor_ubuntu · 4.3 MEDIUM
GHSA
GHSA-c3q6-g74w-mvvq: QSslSocket in Qt before 4
ghsa_unreviewed · 2022-05-13
CVE-2010-5076 [MEDIUM] CWE-20 GHSA-c3q6-g74w-mvvq: QSslSocket in Qt before 4
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Ubuntu
Qt vulnerabilities
vendor_ubuntu · 2012-07-11 · CVSS 4.3
CVE-2010-5076 [MEDIUM] Qt vulnerabilities
Title: Qt vulnerabilities
Summary: Qt Applications could be made to crash or run programs as your login if
they opened specially crafted files.
It was discovered that Qt did not properly handle wildcard domain names or
IP addresses in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a machine-in-the-middle attack to view sensitive
information or alter encrypted communications. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-5076)
A heap-based buffer overflow was discovered in the HarfBuzz module. If a
user were tricked into opening a crafted font file in a Qt application,
an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2011-3193)
It was discovered that Qt
Red Hat
Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name
vendor_redhat · 2010-07-14 · CVSS 4.3
CVE-2010-5076 [MEDIUM] Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
No detection rules found.
No public exploits indexed.
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
http://secunia.com/advisories/49604
http://secunia.com/advisories/49895
http://www.ubuntu.com/usn/USN-1504-1
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455
Published: 2012-06-29