Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Qt ‘QSslSocket::sslErrors()’证书验证安全漏洞
Vulnerability Description
Digia Qt是芬兰Digia公司的一套跨平台的C++应用程序开发框架。该框架可用于开发GUI程序。 Qt 4.6.5之前版本,4.7.6之前的4.7.x版本,4.8.5之前的4.8.x版本的QSslSocket::sslErrors函数中存在漏洞,该漏洞源于在使用某版本的openSSL的情况下,程序使用了一个“不兼容结构布局”使得其可以从错误的位置读取内存。攻击者可利用该漏洞在证书验证期间令Qt报告不正确的错误信息,并且还可能令用户做出不安全的接收证书的决定。
CVSS Information
N/A
Vulnerability Type
N/A