Qt 'QSslSocketBackendPrivate::transmit()' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Qt and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to version 4.6.4 or later, For updates refer to ftp://ftp.qt.nokia.com/qt/source

Insight

This flaw is due to an endless loop within the 'QSslSocketBackendPrivate::transmit()' function in 'src/network/ssl/qsslsocket_openssl.cpp'. This can be exploited to exhaust CPU resources in server applications using the QSslSocket class.

Affected

Qt Version 4.6.3 and prior.

References

http://aluigi.altervista.org/adv/qtsslame-adv.txt
http://secunia.com/advisories/40389
http://www.vupen.com/english/advisories/2010/1657

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2621
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Dell OpenManage Web Server <= 3.7.1
Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
Denial Of Service Vulnerability in PHP April-09
Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability

Qt 'QSslSocketBackendPrivate::transmit()' Denial of Service Vulnerability

Take action and discover your vulnerabilities