Description

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

INFO

Published Date :

2025-06-11T07:33:41.071Z

Last Modified :

2025-06-11T13:18:09.662Z

Source :

TQtC
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5991 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5991.

URL Resource
https://codereview.qt-project.org/c/qt/qtbase/+/643777 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5991 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5991 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact