Lucene search

FreeBSDBBCB1584-C068-11EE-BDD6-4CCC6ADDA413

HistoryJan 30, 2024 - 12:00 a.m.

qt6-webengine -- Multiple vulnerabilities

2024-01-3000:00:00

vuxml.freebsd.org

qt6

webengine

chromium

security

vulnerabilities

use after free

integer underflow

insufficient policy enforcement

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

36.3%

JSON

Qt qtwebengine-chromium repo reports:

Backports for 3 security bugs in Chromium:

[1505080] High CVE-2024-0807: Use after free in WebAudio
[1504936] Critical CVE-2024-0808: Integer underflow in WebUI
[1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqt5-webengine< 5.15.16.p5_5UNKNOWN
FreeBSDanynoarchqt6-webengine< 6.6.1_4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	qt5-webengine	< 5.15.16.p5_5	UNKNOWN
FreeBSD	any	noarch	qt6-webengine	< 6.6.1_4	UNKNOWN

References

code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

36.3%

JSON

Related for BBCB1584-C068-11EE-BDD6-4CCC6ADDA413