CVE-2022-43591Heap-based Buffer Overflow in Project QT

CWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
8.8HIGHNVD
EPSS
1.2%
top 21.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian Qt6-declarativeDebian Qtdeclarative-opensource-srcDebian Qtdeclarative-opensource-src-gles+2 more
Timeline
PublishedJan 12
Latest updateJan 13

Description

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5qt_project/qt6.4
debiandebian/qt6-declarative< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)
debiandebian/qtdeclarative-opensource-src< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)
debiandebian/qtdeclarative-opensource-src-gles< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)
NVDqt/qt6.3.2

🔴Vulnerability Details

2
GHSA
GHSA-hvpm-p42q-mxrw: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 62023-01-12
OSV
CVE-2022-43591: A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 62023-01-12

📋Vendor Advisories

1
Debian
CVE-2022-43591: qt6-declarative - A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Pro...2022

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML2023-01-13
Talos
Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML2023-01-13