CVE-2023-45935 — NULL Pointer Dereference in Qt6-base

CWE-476 — NULL Pointer Dereference5 documents4 sources

Severity

4.2MEDIUMNVD

EPSS

0.0%

top 95.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qt6-base Debian Qtbase-opensource-src Debian Qtbase-opensource-src-gles

Timeline

PublishedMar 27

Description

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:HExploitability: 0.6 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/qt6-base

▶debiandebian/qtbase-opensource-src

▶debiandebian/qtbase-opensource-src-gles

🔴Vulnerability Details

OSV

CVE-2023-45935: ** DISPUTED ** Qt 6 through 6↗2024-03-27

▶

OSV

CVE-2023-45935: Qt 6 through 6↗2024-03-27

▶

GHSA

GHSA-mfgg-7fpx-cp7p: Qt 6 through 6↗2024-03-27

▶

📋Vendor Advisories

Debian

CVE-2023-45935: qt6-base - Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the fu...↗2023

▶