Bug 2371671 (CVE-2025-5991) - CVE-2025-5991 qt: Use after free in Qt
Summary: CVE-2025-5991 qt: Use after free in Qt
Keywords:
Status: NEW
Alias: CVE-2025-5991
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2025-06-11 08:01 UTC by OSIDB Bzimport
Modified: 2025-06-11 22:13 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-06-11 08:01:06 UTC
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling; HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses.

This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

