CVE-2010-2621

Description

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

How to fix CVE-2010-2621

To remediate CVE-2010-2621, upgrade the affected package to a fixed version below.

• Debian/qt4-x11—upgrade to 4:4.6.3-2 or later

Is CVE-2010-2621 being exploited?

Moderate — EPSS is 12.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 4:4.6.3-2

References (9)

• ADVISORYsecunia.com/advisories/40389
• ADVISORYsecunia.com/advisories/46410
• ADVISORYwww.vupen.com/english/advisories/2010/1657
• EXPLOITaluigi.org/poc/qtsslame.zip
• EXPLOITwww.securityfocus.com/bid/41250