CVE-2022-43591

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-43591
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43591.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-43591
Published
2023-01-12T17:15:09Z
Modified
2024-10-12T10:17:15.460157Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

References

Affected packages

Debian:12 / qt6-declarative

Package

Name
qt6-declarative
Purl
pkg:deb/debian/qt6-declarative?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.2+dfsg~rc1-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / qt6-declarative

Package

Name
qt6-declarative
Purl
pkg:deb/debian/qt6-declarative?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.2+dfsg~rc1-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / qtdeclarative-opensource-src

Package

Name
qtdeclarative-opensource-src
Purl
pkg:deb/debian/qtdeclarative-opensource-src?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-6
5.15.2+dfsg-7
5.15.2+dfsg-8
5.15.2+dfsg-9
5.15.2+dfsg-10
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.4+dfsg-3
5.15.4+dfsg-4
5.15.4+dfsg-4+m68k
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.6+dfsg-2+m68k
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.8+dfsg-2
5.15.8+dfsg-2+m68k
5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / qtdeclarative-opensource-src

Package

Name
qtdeclarative-opensource-src
Purl
pkg:deb/debian/qtdeclarative-opensource-src?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / qtdeclarative-opensource-src

Package

Name
qtdeclarative-opensource-src
Purl
pkg:deb/debian/qtdeclarative-opensource-src?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / qtdeclarative-opensource-src-gles

Package

Name
qtdeclarative-opensource-src-gles
Purl
pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-2
5.15.2+dfsg-3
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-3
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / qtdeclarative-opensource-src-gles

Package

Name
qtdeclarative-opensource-src-gles
Purl
pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.8+dfsg-1
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-3
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / qtdeclarative-opensource-src-gles

Package

Name
qtdeclarative-opensource-src-gles
Purl
pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.8+dfsg-1
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-3
5.15.15+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected