Buffer Overflow Vulnerability in Qt 6.3.2 from Qt Project
CVE-2022-43591

8.8HIGH

Key Information:

Vendor

Qt Project

Status
Qt
Vendor
CVE Published:
12 January 2023

What is CVE-2022-43591?

A buffer overflow vulnerability exists in the QML QtScript Reflect API of the Qt Project's Qt version 6.3.2. This flaw allows for out-of-bounds memory access when a specially-crafted JavaScript code is executed. An attacker can exploit this vulnerability by convincing a target application user to access a malicious web page, potentially leading to arbitrary code execution.

Affected Version(s)

Qt 6.4

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-43591 : Buffer Overflow Vulnerability in Qt 6.3.2 from Qt Project