CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Published: May 18, 2024
Updated: May 19, 2024
CVE: CVE-2024-36048
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
qt / qt	-	5.15.17
qt / qt	6.0.0	6.2.13
qt / qt	6.3.0	6.5.6
qt / qt	6.6.0	6.7.1
fedoraproject / fedora	39	39.x
fedoraproject / fedora	40	40.x

https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/

Vulnerability Database

289,697

CVE-2024-36048