Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

Published

2021-08-09T22:15:08.607

Last Modified

2024-11-21T05:16:00.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qt	qt	< 5.12.7	Yes
Application	qt	qt	≤ 5.13.2	Yes

References

https://codereview.qt-project.org/c/qt/qtbase/+/280730 Patch, Vendor Advisory ([email protected])
https://codereview.qt-project.org/c/qt/qtbase/+/280730 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)