Bug 1993132 (CVE-2020-24741)
Summary: | CVE-2020-24741 qt: QLibrary loads libraries relative to CWD which could result in arbitrary code execution | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | helio, jgrulich, jreznik, kasal, kevin, me, rdieter, smparrish, than |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | qt 5.12.7, qt 5.14.1, qt 5.15.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allow plugins to be loaded from the current working directory; this can lead to compromised plugins being loaded, leading to possible arbitrary code execution.
|
Last Closed: | 2022-04-18 00:26:56 UTC | Type: | --- |
Bug Depends On: | 1993133, 1993134, 1993135, 2012851 | ||
Bug Blocks: | 1993141 |
Description
Michael Kaplan
2021-08-12 13:07:08 UTC
Created qt tracking bugs for this issue:
Affects: fedora-all [bug 1993133]

Created qt3 tracking bugs for this issue:
Affects: fedora-all [bug 1993134]

Created qt5 tracking bugs for this issue:
Affects: fedora-all [bug 1993135]

Upstream commit:
https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-24741