CVE-2024-36048
- Source
- https://cve.org/CVERecord?id=CVE-2024-36048
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36048.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-36048
- Downstream
- Related
- Published
- 2024-05-18T21:15:47.673Z
- Modified
- 2026-04-02T12:16:33.647443Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
- https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
Affected packages
Git / github.com/qt/qtbase
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qtbase
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "5.15.17" }, { "introduced": "6.0.0" }, { "fixed": "6.2.13" }, { "introduced": "6.3.0" }, { "fixed": "6.5.6" }, { "introduced": "6.6.0" }, { "fixed": "6.7.1" } ] }
Affected versions
qt-v5.*
qt-v5.0.0-alpha1
v5.*
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-rc1
v5.0.0-rc2
v5.0.1
v5.0.2
v5.1.0
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.1.0-rc2
v5.1.1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.10
v5.12.11
v5.12.12
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.12.6
v5.12.7
v5.12.8
v5.12.9
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.13.2
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.15.1
v5.15.10-lts-lgpl
v5.15.11-lts-lgpl
v5.15.12-lts-lgpl
v5.15.13-lts-lgpl
v5.15.14-lts-lgpl
v5.15.15-lts-lgpl
v5.15.16-lts-lgpl
v5.15.18-lts-lgpl
v5.15.2
v5.15.3-lts-lgpl
v5.15.4-lts-lgpl
v5.15.5-lts-lgpl
v5.15.6-lts-lgpl
v5.15.7-lts-lgpl
v5.15.8-lts-lgpl
v5.15.9-lts-lgpl
v5.2.0
v5.2.0-alpha1
v5.2.0-beta1
v5.2.0-rc1
v5.2.1
v5.3.0
v5.3.0-alpha1
v5.3.0-beta1
v5.3.0-rc1
v5.3.1
v5.3.2
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0
v5.5.0-alpha1
v5.5.0-beta1
v5.5.0-rc1
v5.5.1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.1
v5.6.1-1
v5.6.2
v5.6.3
v5.7.0
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.7.1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.0-rc2
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v5.9.7
v5.9.8
v5.9.9
v6.*
v6.0.0
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.0.0-rc1
v6.0.0-rc2
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.1.0
v6.1.0-alpha1
v6.1.0-beta1
v6.1.0-beta2
v6.1.0-beta3
v6.1.0-rc1
v6.1.0-rc2
v6.1.1
v6.1.2
v6.1.3
v6.10.0
v6.10.0-beta1
v6.10.0-beta2
v6.10.0-beta3
v6.10.0-beta4
v6.10.0-rc1
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.0-beta1
v6.11.0-beta2
v6.11.0-beta3
v6.11.0-rc1
v6.2.0
v6.2.0-alpha1
v6.2.0-beta1
v6.2.0-beta2
v6.2.0-beta3
v6.2.0-beta4
v6.2.0-rc1
v6.2.0-rc2
v6.2.1
v6.2.10-lts-lgpl
v6.2.11-lts-lgpl
v6.2.12-lts-lgpl
v6.2.2
v6.2.3
v6.2.4
v6.2.5-lts-lgpl
v6.2.6-lts-lgpl
v6.2.7-lts-lgpl
v6.2.8-lts-lgpl
v6.2.9-lts-lgpl
v6.3.0
v6.3.0-alpha1
v6.3.0-beta1
v6.3.0-beta2
v6.3.0-beta3
v6.3.0-rc1
v6.3.1
v6.3.2
v6.4.0
v6.4.0-beta1
v6.4.0-beta2
v6.4.0-beta3
v6.4.0-beta4
v6.4.0-rc1
v6.4.1
v6.4.2
v6.4.3
v6.5.0
v6.5.0-beta1
v6.5.0-beta2
v6.5.0-beta3
v6.5.0-rc1
v6.5.1
v6.5.2
v6.5.3
v6.5.4-lts-lgpl
v6.5.5-lts-lgpl
v6.6.0
v6.6.0-beta1
v6.6.0-beta2
v6.6.0-beta3
v6.6.0-beta4
v6.6.0-rc1
v6.6.1
v6.6.2
v6.6.3
v6.7.0
v6.7.0-beta1
v6.7.0-beta2
v6.7.0-beta3
v6.7.0-rc1
v6.7.0-rc2
v6.7.2
v6.7.3
v6.8.0
v6.8.0-beta1
v6.8.0-beta2
v6.8.0-beta3
v6.8.0-beta4
v6.8.0-rc1
v6.8.1
v6.8.2
v6.8.3
v6.9.0
v6.9.0-beta1
v6.9.0-beta2
v6.9.0-beta3
v6.9.0-rc1
v6.9.1
v6.9.2
v6.9.3
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36048.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "40"
}
]
}
]
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "167710641914584835164638987615464980987",
"length": 255.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-0cf1020b",
"target": {
"file": "tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp",
"function": "tst_ForeignWindow::destroyExplicitly"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"19558493098812227728671165474361015392",
"106008374532169155072527926556305774515",
"188893840817205926988204630655514730863",
"235179633474731591380608793762610541546"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/5d8e9a8415562ba004b38508d91e1fa0254c17d3",
"id": "CVE-2024-36048-27de3958",
"target": {
"file": "src/tools/qlalr/cppgenerator.cpp"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"150320445698472585452359711103017300747",
"228784429919967287149882555896621883845",
"296577847816729286036815618586912137908",
"293740708044199438632626542404706028099",
"245147283371604809026738141956992108570"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-3433f5bf",
"target": {
"file": "src/plugins/platforms/xcb/qxcbwindow.cpp"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"284488683758679824838732995531507759190",
"137384156562249189954597410965423276826",
"223949202602341188889996243530118959715",
"156428147933671293219285084319497247749"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-3aed0601",
"target": {
"file": "tests/shared/nativewindow.h"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "136461757324256813282022259417379127365",
"length": 158.0
},
"source": "https://github.com/qt/qtbase/commit/5d8e9a8415562ba004b38508d91e1fa0254c17d3",
"id": "CVE-2024-36048-40617b24",
"target": {
"file": "src/tools/qlalr/cppgenerator.cpp",
"function": "CppGenerator::copyrightHeader"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "20983207763261539872075793526631137963",
"length": 461.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-4afce0fd",
"target": {
"file": "tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp",
"function": "tst_ForeignWindow::destroyWhenParentIsDestroyed"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "251886366003440757698313607737525806609",
"length": 235.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-523556a4",
"target": {
"file": "tests/shared/nativewindow.h",
"function": "NativeWindow::parentWinId"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "250516772070905167994963571316013624661",
"length": 238.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-5cfb4c25",
"target": {
"file": "src/plugins/platforms/windows/qwindowswindow.cpp",
"function": "QWindowsForeignWindow::QWindowsForeignWindow"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"255763870131283539416238262527083052562",
"154290781434968483991591887671502434935",
"74569841705936854573047932254770923601",
"270723195833870282506416390078022708435"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-60b98039",
"target": {
"file": "src/gui/kernel/qwindow_p.h"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"271267143252185474985038563552166048983",
"304703185827017335069513822157713052213",
"117739349344470412539153357415096516955",
"85405678149403526245140560040940334407",
"282548076780827272515054954826773417203",
"58636945141286012246812604982755324591",
"226919422802901910251475876837542119878",
"57657238509838055209967576852470098414",
"125396915458609705207129786992095377467",
"130611596281539227421270101693398704059",
"161423302330941662624559568809690976628",
"98745766587119799757734107415124725097",
"223631395069105247929784425858952995805",
"224696349237157131722753654134206196555",
"218466060350931645704801792742619652728",
"286669364175246423205630997889849974160",
"155499522296625747483328165178536059847",
"187306856615574609504397138770280786264",
"235131350359379400929830233080673380980",
"183348236376123823417323438027111592996",
"73908069670223730780283871581003907951",
"209523599475827730032359635212266084710",
"109323854446146428432329564228585909623",
"307271913190766715105776552384876072614",
"327178978675058488392579593919847543707",
"278295402547499022294253430384398689489",
"235668346213930321240866402162382560595",
"239716182879539760265739827611778490047",
"160193077348762833855369632908184231270",
"271339712384314528442862761554943401158",
"263517721054527747583097021726661914757",
"334177539483362066157487955768220524580",
"252667410959370162679768442517420660165"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-69396c47",
"target": {
"file": "tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "176722929344905443242641945216116209992",
"length": 1404.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-6f2b6b29",
"target": {
"file": "src/gui/kernel/qwindow.cpp",
"function": "QWindowPrivate::destroy"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "336063707599965201397787498120887207169",
"length": 463.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-7a3e94d5",
"target": {
"file": "src/gui/kernel/qwindow.cpp",
"function": "QWindow::fromWinId"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"170918521822753109722805215684980918371",
"208900494547661617563751714460267370046",
"72361635139111024271292197914853792047",
"296876370931435045398195468025204496532",
"314588329271105265997394040364548181166",
"225968566634798766526194628259854332030",
"197495242586376899286860793700741657745",
"37764931066808804107608242641882445630",
"123161753631682005629502020092765198795",
"127662497201127743309816801617869708966",
"7456742301097996628237030342816657051",
"311808879622629141321589447278234192084",
"33224400154342995976006381824104992882",
"264303571402420837268788127843935840176",
"4286483838893697644920445583551222783",
"215495962327457092015205985936722438580",
"250759909051104766322651172427407149520",
"242572804959014945605606592076337298207",
"66066741872771280887458129748495793889",
"152204835169387140523345328240925823692",
"64451311532627355724053563169036360061",
"228353725361454832350169210217754827285"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-83ab456c",
"target": {
"file": "src/gui/kernel/qwindow.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "339466499712346323303186085518200592490",
"length": 385.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-b8966155",
"target": {
"file": "src/plugins/platforms/xcb/qxcbwindow.cpp",
"function": "QXcbForeignWindow::QXcbForeignWindow"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"320163082161638120848969086796738968097",
"20851984051808150355602232212892830408",
"22306868943391977493998565180853396387",
"326924177956679107123828597211693716992",
"26867001979929416552194252857180725267"
],
"threshold": 0.9
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-cb3fac34",
"target": {
"file": "src/plugins/platforms/windows/qwindowswindow.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "199618135588116812246470301302012436158",
"length": 1427.0
},
"source": "https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85",
"id": "CVE-2024-36048-d4ca6a93",
"target": {
"file": "src/gui/kernel/qwindow.cpp",
"function": "QWindowPrivate::create"
}
}
]