Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU96587
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-30161
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when accessing the QNetworkReply header data. A remote attacker can perform a denial of service attack.
Update the affected package qt6-base to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.5
Desktop Applications Module: 15-SP5
SUSE Package Hub 15: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
qt6-docs-common: before 6.4.2-150500.3.17.1
qt6-base-private-devel: before 6.4.2-150500.3.17.1
qt6-dbus-private-devel: before 6.4.2-150500.3.17.1
qt6-base-examples-debuginfo: before 6.4.2-150500.3.17.1
qt6-sql-unixODBC: before 6.4.2-150500.3.17.1
qt6-xml-private-devel: before 6.4.2-150500.3.17.1
qt6-sql-mysql-debuginfo: before 6.4.2-150500.3.17.1
qt6-platformtheme-xdgdesktopportal-debuginfo: before 6.4.2-150500.3.17.1
qt6-networkinformation-glib-debuginfo: before 6.4.2-150500.3.17.1
qt6-sql-postgresql-debuginfo: before 6.4.2-150500.3.17.1
qt6-network-private-devel: before 6.4.2-150500.3.17.1
qt6-platformtheme-gtk3: before 6.4.2-150500.3.17.1
qt6-sql-mysql: before 6.4.2-150500.3.17.1
qt6-base-docs-qch: before 6.4.2-150500.3.17.1
qt6-printsupport-private-devel: before 6.4.2-150500.3.17.1
qt6-base-examples: before 6.4.2-150500.3.17.1
qt6-sql-unixODBC-debuginfo: before 6.4.2-150500.3.17.1
qt6-sql-private-devel: before 6.4.2-150500.3.17.1
qt6-platformtheme-xdgdesktopportal: before 6.4.2-150500.3.17.1
qt6-networkinformation-glib: before 6.4.2-150500.3.17.1
qt6-platformsupport-private-devel: before 6.4.2-150500.3.17.1
qt6-platformtheme-gtk3-debuginfo: before 6.4.2-150500.3.17.1
qt6-networkinformation-nm-debuginfo: before 6.4.2-150500.3.17.1
qt6-networkinformation-nm: before 6.4.2-150500.3.17.1
qt6-base-docs-html: before 6.4.2-150500.3.17.1
qt6-sql-postgresql: before 6.4.2-150500.3.17.1
qt6-printsupport-cups: before 6.4.2-150500.3.17.1
qt6-test-private-devel: before 6.4.2-150500.3.17.1
qt6-printsupport-cups-debuginfo: before 6.4.2-150500.3.17.1
qt6-base-devel: before 6.4.2-150500.3.17.1
libQt6OpenGLWidgets6-debuginfo: before 6.4.2-150500.3.17.1
libQt6Widgets6-debuginfo: before 6.4.2-150500.3.17.1
libQt6Gui6: before 6.4.2-150500.3.17.1
libQt6PrintSupport6-debuginfo: before 6.4.2-150500.3.17.1
qt6-base-common-devel: before 6.4.2-150500.3.17.1
libQt6Test6: before 6.4.2-150500.3.17.1
qt6-printsupport-devel: before 6.4.2-150500.3.17.1
qt6-opengl-private-devel: before 6.4.2-150500.3.17.1
libQt6Test6-debuginfo: before 6.4.2-150500.3.17.1
qt6-network-devel: before 6.4.2-150500.3.17.1
qt6-sql-sqlite: before 6.4.2-150500.3.17.1
qt6-base-debugsource: before 6.4.2-150500.3.17.1
qt6-kmssupport-private-devel: before 6.4.2-150500.3.17.1
libQt6OpenGLWidgets6: before 6.4.2-150500.3.17.1
libQt6Network6: before 6.4.2-150500.3.17.1
libQt6Xml6: before 6.4.2-150500.3.17.1
qt6-base-debuginfo: before 6.4.2-150500.3.17.1
libQt6Core6-debuginfo: before 6.4.2-150500.3.17.1
qt6-network-tls-debuginfo: before 6.4.2-150500.3.17.1
libQt6Widgets6: before 6.4.2-150500.3.17.1
qt6-gui-devel: before 6.4.2-150500.3.17.1
libQt6Xml6-debuginfo: before 6.4.2-150500.3.17.1
qt6-openglwidgets-devel: before 6.4.2-150500.3.17.1
libQt6DBus6-debuginfo: before 6.4.2-150500.3.17.1
qt6-widgets-devel: before 6.4.2-150500.3.17.1
libQt6OpenGL6: before 6.4.2-150500.3.17.1
qt6-sql-sqlite-debuginfo: before 6.4.2-150500.3.17.1
libQt6PrintSupport6: before 6.4.2-150500.3.17.1
libQt6OpenGL6-debuginfo: before 6.4.2-150500.3.17.1
libQt6Gui6-debuginfo: before 6.4.2-150500.3.17.1
libQt6DBus6: before 6.4.2-150500.3.17.1
qt6-core-devel: before 6.4.2-150500.3.17.1
qt6-opengl-devel: before 6.4.2-150500.3.17.1
qt6-xml-devel: before 6.4.2-150500.3.17.1
qt6-platformsupport-devel-static: before 6.4.2-150500.3.17.1
libQt6Sql6-debuginfo: before 6.4.2-150500.3.17.1
libQt6Network6-debuginfo: before 6.4.2-150500.3.17.1
qt6-core-private-devel: before 6.4.2-150500.3.17.1
libQt6Core6: before 6.4.2-150500.3.17.1
qt6-widgets-private-devel: before 6.4.2-150500.3.17.1
libQt6Concurrent6: before 6.4.2-150500.3.17.1
qt6-dbus-devel: before 6.4.2-150500.3.17.1
libQt6Concurrent6-debuginfo: before 6.4.2-150500.3.17.1
qt6-sql-devel: before 6.4.2-150500.3.17.1
qt6-network-tls: before 6.4.2-150500.3.17.1
libQt6Sql6: before 6.4.2-150500.3.17.1
qt6-test-devel: before 6.4.2-150500.3.17.1
qt6-kmssupport-devel-static: before 6.4.2-150500.3.17.1
qt6-concurrent-devel: before 6.4.2-150500.3.17.1
qt6-base-common-devel-debuginfo: before 6.4.2-150500.3.17.1
qt6-gui-private-devel: before 6.4.2-150500.3.17.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241174-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.