BDU:2022-00893

Уязвимость пакета qt/qtbase библиотеки Qt, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2022-25255

Published: 2022-02-16
Modified: 2024-11-21

CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-03-02
Modified: 2024-11-21

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Version: 2.1.2

Package qt5-graphicaleffects update in sisyphus_e2k on 2023-08-31

ALT-PU-2023-5272-1

Closed vulnerabilities

BDU:2022-00893

CVE-2022-25255

CVE-2022-25634