CVE-2024-36048

qtnetworkauth: badly seeded PRNG may result in guessable values

Description

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

INFO

Published Date :

2024-05-18T00:00:00.000Z

Last Modified :

2025-11-04T22:06:19.365Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2024-36048 vulnerability.

Vendors	Products
Fedoraproject	Fedora
Qt	Qt Qt Network Authorization

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36048.

URL	Resource
https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.7.1/release-note.md
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317
https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
https://lists.fedoraproject.org/archives/list/[email protected]/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/
https://nvd.nist.gov/vuln/detail/CVE-2024-36048
https://www.cve.org/CVERecord?id=CVE-2024-36048

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact