Blog

Security advisory: Potential Use-After-Free issue in Qt for WebAssembly’s implementation of QNetworkReply

Apr 18, 2024

by Andy Shaw

Comments

A recently reported potential Use-After-Free issue in Qt’s wasm implementation of QNetworkReply has been assigned the CVE id CVE-2024-30161.

The issue was discovered in Qt versions 6.5.4, 6.5.5, and 6.6.2.

QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly if using the affected versions.

Solution: Apply the following patch or update to Qt 6.5.6 or 6.6.3

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/544314
Qt 6.6: https://codereview.qt-project.org/c/qt/qtbase/+/548060 or https://download.qt.io/official_releases/qt/6.6/CVE-2024-30161-qtbase-6.6.diff
Qt 6.5: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/548490 or https://download.qt.io/official_releases/qt/6.5/CVE-2024-30161-qtbase-6.5.diff

Share with your friends

Blog Topics

Comments

Related Articles

Security advisory: Type confusion and heap-buffer-overflow vulnerability in Qt SVG marker handling impacts Qt

Type Confusion and Heap-based Buffer Overflow vulnerability in the SVG..

Read Article

Security advisory: QML Code Injection in VectorImage Component in Qt declarative module impacts Qt

Improper Control of Generation of Code ('Code Injection') vulnerability in..

Read Article

Security advisory: Recently reported dr_wav issue impacts Qt

A recently reported issue regarding the loading of specifically crafted..

Read Article