
CVE-2018-21035

Published: 28/02/2020 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Qt up to and including 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for malicious users to cause a denial of service (memory consumption).

Vulnerable Product

qt qt

Vendor Advisories

Synopsis: Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for qt5-qtbase, qt5-qttools, and qt5-qtwebsockets is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impac ...
Debian Bug report logs - #953049: qtwebsockets-opensource-src: CVE-2018-21035: QWebsocket large frame/message issue, denial of service. Package: src:qtwebsockets-opensource-src; Maintainer for src:qtwebsockets-opensource-src is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Reported by: Salvatore Bonaccorso <car ...