National Cyber Awareness System

Vulnerability Summary for CVE-2010-2621

Overview

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: SUSE

Name: SUSE-SU-2011:1113

Hyperlink:https://hermes.opensuse.org/messages/12056605

External Source: VUPEN

Name: ADV-2010-1657

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1657

External Source: BID

Name: 41250

Hyperlink:http://www.securityfocus.com/bid/41250

External Source: SECUNIA

Name: 46410

Type: Advisory

Hyperlink:http://secunia.com/advisories/46410

External Source: SECUNIA

Name: 40389

Type: Advisory

Hyperlink:http://secunia.com/advisories/40389

External Source: CONFIRM

Name: http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597

Hyperlink:http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597

External Source: OSVDB

Name: 65860

Hyperlink:http://osvdb.org/65860

External Source: MISC

Name: http://aluigi.org/poc/qtsslame.zip

Hyperlink:http://aluigi.org/poc/qtsslame.zip

External Source: MISC

Name: http://aluigi.org/adv/qtsslame-adv.txt

Hyperlink:http://aluigi.org/adv/qtsslame-adv.txt