{"id":"CVE-2024-36048","details":"QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.","modified":"2026-04-02T12:16:33.647443Z","published":"2024-05-18T21:15:47.673Z","related":["MGASA-2024-0197","openSUSE-SU-2024:0138-1","openSUSE-SU-2024:0143-1","openSUSE-SU-2024:14003-1","openSUSE-SU-2024:14006-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"fixed":"8e79bee4afa2a1466f360f44fb07d24e432a82a6"},{"introduced":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"fixed":"8c8e225029a8c1982e04a4a5e3d62f08e84e3d15"},{"introduced":"9554d315aa74eaba1726405ee09117e2ebc6111f"},{"fixed":"5d8e9a8415562ba004b38508d91e1fa0254c17d3"},{"introduced":"33f5e985e480283bb0ca9dea5f82643e825ba87c"},{"fixed":"c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.15.17"},{"introduced":"6.0.0"},{"fixed":"6.2.13"},{"introduced":"6.3.0"},{"fixed":"6.5.6"},{"introduced":"6.6.0"},{"fixed":"6.7.1"}]}}],"versions":["qt-v5.0.0-alpha1","v5.0.0","v5.0.0-beta1","v5.0.0-beta2","v5.0.0-rc1","v5.0.0-rc2","v5.0.1","v5.0.2","v5.1.0","v5.1.0-alpha1","v5.1.0-beta1","v5.1.0-rc1","v5.1.0-rc2","v5.1.1","v5.10.0","v5.10.0-alpha1","v5.10.0-beta1","v5.10.0-beta2","v5.10.0-beta3","v5.10.0-beta4","v5.10.0-rc1","v5.10.0-rc2","v5.10.0-rc3","v5.10.1","v5.11.0","v5.11.0-alpha1","v5.11.0-beta1","v5.11.0-beta2","v5.11.0-beta3","v5.11.0-beta4","v5.11.0-rc1","v5.11.0-rc2","v5.11.1","v5.11.2","v5.11.3","v5.12.0","v5.12.0-alpha1","v5.12.0-beta1","v5.12.0-beta2","v5.12.0-beta3","v5.12.0-beta4","v5.12.0-rc1","v5.12.0-rc2","v5.12.1","v5.12.10","v5.12.11","v5.12.12","v5.12.2","v5.12.3","v5.12.4","v5.12.5","v5.12.6","v5.12.7","v5.12.8","v5.12.9","v5.13.0","v5.13.0-alpha1","v5.13.0-beta1","v5.13.0-beta2","v5.13.0-beta3","v5.13.0-beta4","v5.13.0-rc1","v5.13.0-rc2","v5.13.0-rc3","v5.13.1","v5.13.2","v5.14.0","v5.14.0-alpha1","v5.14.0-beta1","v5.14.0-beta2","v5.14.0-beta3","v5.14.0-rc1","v5.14.0-rc2","v5.14.1","v5.14.2","v5.15.0","v5.15.0-alpha1","v5.15.0-beta1","v5.15.0-beta2","v5.15.0-beta3","v5.15.0-beta4","v5.15.0-rc1","v5.15.0-rc2","v5.15.1","v5.15.10-lts-lgpl","v5.15.11-lts-lgpl","v5.15.12-lts-lgpl","v5.15.13-lts-lgpl","v5.15.14-lts-lgpl","v5.15.15-lts-lgpl","v5.15.16-lts-lgpl","v5.15.18-lts-lgpl","v5.15.2","v5.15.3-lts-lgpl","v5.15.4-lts-lgpl","v5.15.5-lts-lgpl","v5.15.6-lts-lgpl","v5.15.7-lts-lgpl","v5.15.8-lts-lgpl","v5.15.9-lts-lgpl","v5.2.0","v5.2.0-alpha1","v5.2.0-beta1","v5.2.0-rc1","v5.2.1","v5.3.0","v5.3.0-alpha1","v5.3.0-beta1","v5.3.0-rc1","v5.3.1","v5.3.2","v5.4.0","v5.4.0-alpha1","v5.4.0-beta1","v5.4.0-rc1","v5.4.1","v5.4.2","v5.5.0","v5.5.0-alpha1","v5.5.0-beta1","v5.5.0-rc1","v5.5.1","v5.6.0","v5.6.0-alpha1","v5.6.0-beta1","v5.6.0-rc1","v5.6.1","v5.6.1-1","v5.6.2","v5.6.3","v5.7.0","v5.7.0-alpha1","v5.7.0-beta1","v5.7.0-rc1","v5.7.1","v5.8.0","v5.8.0-alpha1","v5.8.0-beta1","v5.8.0-rc1","v5.9.0","v5.9.0-alpha1","v5.9.0-beta1","v5.9.0-beta2","v5.9.0-beta3","v5.9.0-beta4","v5.9.0-rc1","v5.9.0-rc2","v5.9.1","v5.9.2","v5.9.3","v5.9.4","v5.9.5","v5.9.6","v5.9.7","v5.9.8","v5.9.9","v6.0.0","v6.0.0-alpha1","v6.0.0-beta1","v6.0.0-beta2","v6.0.0-beta3","v6.0.0-beta4","v6.0.0-beta5","v6.0.0-rc1","v6.0.0-rc2","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.1.0","v6.1.0-alpha1","v6.1.0-beta1","v6.1.0-beta2","v6.1.0-beta3","v6.1.0-rc1","v6.1.0-rc2","v6.1.1","v6.1.2","v6.1.3","v6.10.0","v6.10.0-beta1","v6.10.0-beta2","v6.10.0-beta3","v6.10.0-beta4","v6.10.0-rc1","v6.10.1","v6.10.2","v6.10.3","v6.11.0","v6.11.0-beta1","v6.11.0-beta2","v6.11.0-beta3","v6.11.0-rc1","v6.2.0","v6.2.0-alpha1","v6.2.0-beta1","v6.2.0-beta2","v6.2.0-beta3","v6.2.0-beta4","v6.2.0-rc1","v6.2.0-rc2","v6.2.1","v6.2.10-lts-lgpl","v6.2.11-lts-lgpl","v6.2.12-lts-lgpl","v6.2.2","v6.2.3","v6.2.4","v6.2.5-lts-lgpl","v6.2.6-lts-lgpl","v6.2.7-lts-lgpl","v6.2.8-lts-lgpl","v6.2.9-lts-lgpl","v6.3.0","v6.3.0-alpha1","v6.3.0-beta1","v6.3.0-beta2","v6.3.0-beta3","v6.3.0-rc1","v6.3.1","v6.3.2","v6.4.0","v6.4.0-beta1","v6.4.0-beta2","v6.4.0-beta3","v6.4.0-beta4","v6.4.0-rc1","v6.4.1","v6.4.2","v6.4.3","v6.5.0","v6.5.0-beta1","v6.5.0-beta2","v6.5.0-beta3","v6.5.0-rc1","v6.5.1","v6.5.2","v6.5.3","v6.5.4-lts-lgpl","v6.5.5-lts-lgpl","v6.6.0","v6.6.0-beta1","v6.6.0-beta2","v6.6.0-beta3","v6.6.0-beta4","v6.6.0-rc1","v6.6.1","v6.6.2","v6.6.3","v6.7.0","v6.7.0-beta1","v6.7.0-beta2","v6.7.0-beta3","v6.7.0-rc1","v6.7.0-rc2","v6.7.2","v6.7.3","v6.8.0","v6.8.0-beta1","v6.8.0-beta2","v6.8.0-beta3","v6.8.0-beta4","v6.8.0-rc1","v6.8.1","v6.8.2","v6.8.3","v6.9.0","v6.9.0-beta1","v6.9.0-beta2","v6.9.0-beta3","v6.9.0-rc1","v6.9.1","v6.9.2","v6.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36048.json","vanir_signatures":[{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-0cf1020b","digest":{"function_hash":"167710641914584835164638987615464980987","length":255},"signature_version":"v1","target":{"file":"tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp","function":"tst_ForeignWindow::destroyExplicitly"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/5d8e9a8415562ba004b38508d91e1fa0254c17d3","deprecated":false,"id":"CVE-2024-36048-27de3958","digest":{"threshold":0.9,"line_hashes":["19558493098812227728671165474361015392","106008374532169155072527926556305774515","188893840817205926988204630655514730863","235179633474731591380608793762610541546"]},"signature_version":"v1","target":{"file":"src/tools/qlalr/cppgenerator.cpp"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-3433f5bf","digest":{"threshold":0.9,"line_hashes":["150320445698472585452359711103017300747","228784429919967287149882555896621883845","296577847816729286036815618586912137908","293740708044199438632626542404706028099","245147283371604809026738141956992108570"]},"signature_version":"v1","target":{"file":"src/plugins/platforms/xcb/qxcbwindow.cpp"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-3aed0601","digest":{"threshold":0.9,"line_hashes":["284488683758679824838732995531507759190","137384156562249189954597410965423276826","223949202602341188889996243530118959715","156428147933671293219285084319497247749"]},"signature_version":"v1","target":{"file":"tests/shared/nativewindow.h"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/5d8e9a8415562ba004b38508d91e1fa0254c17d3","deprecated":false,"id":"CVE-2024-36048-40617b24","digest":{"function_hash":"136461757324256813282022259417379127365","length":158},"signature_version":"v1","target":{"file":"src/tools/qlalr/cppgenerator.cpp","function":"CppGenerator::copyrightHeader"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-4afce0fd","digest":{"function_hash":"20983207763261539872075793526631137963","length":461},"signature_version":"v1","target":{"file":"tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp","function":"tst_ForeignWindow::destroyWhenParentIsDestroyed"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-523556a4","digest":{"function_hash":"251886366003440757698313607737525806609","length":235},"signature_version":"v1","target":{"file":"tests/shared/nativewindow.h","function":"NativeWindow::parentWinId"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-5cfb4c25","digest":{"function_hash":"250516772070905167994963571316013624661","length":238},"signature_version":"v1","target":{"file":"src/plugins/platforms/windows/qwindowswindow.cpp","function":"QWindowsForeignWindow::QWindowsForeignWindow"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-60b98039","digest":{"threshold":0.9,"line_hashes":["255763870131283539416238262527083052562","154290781434968483991591887671502434935","74569841705936854573047932254770923601","270723195833870282506416390078022708435"]},"signature_version":"v1","target":{"file":"src/gui/kernel/qwindow_p.h"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-69396c47","digest":{"threshold":0.9,"line_hashes":["271267143252185474985038563552166048983","304703185827017335069513822157713052213","117739349344470412539153357415096516955","85405678149403526245140560040940334407","282548076780827272515054954826773417203","58636945141286012246812604982755324591","226919422802901910251475876837542119878","57657238509838055209967576852470098414","125396915458609705207129786992095377467","130611596281539227421270101693398704059","161423302330941662624559568809690976628","98745766587119799757734107415124725097","223631395069105247929784425858952995805","224696349237157131722753654134206196555","218466060350931645704801792742619652728","286669364175246423205630997889849974160","155499522296625747483328165178536059847","187306856615574609504397138770280786264","235131350359379400929830233080673380980","183348236376123823417323438027111592996","73908069670223730780283871581003907951","209523599475827730032359635212266084710","109323854446146428432329564228585909623","307271913190766715105776552384876072614","327178978675058488392579593919847543707","278295402547499022294253430384398689489","235668346213930321240866402162382560595","239716182879539760265739827611778490047","160193077348762833855369632908184231270","271339712384314528442862761554943401158","263517721054527747583097021726661914757","334177539483362066157487955768220524580","252667410959370162679768442517420660165"]},"signature_version":"v1","target":{"file":"tests/auto/gui/kernel/qwindow/tst_foreignwindow.cpp"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-6f2b6b29","digest":{"function_hash":"176722929344905443242641945216116209992","length":1404},"signature_version":"v1","target":{"file":"src/gui/kernel/qwindow.cpp","function":"QWindowPrivate::destroy"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-7a3e94d5","digest":{"function_hash":"336063707599965201397787498120887207169","length":463},"signature_version":"v1","target":{"file":"src/gui/kernel/qwindow.cpp","function":"QWindow::fromWinId"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-83ab456c","digest":{"threshold":0.9,"line_hashes":["170918521822753109722805215684980918371","208900494547661617563751714460267370046","72361635139111024271292197914853792047","296876370931435045398195468025204496532","314588329271105265997394040364548181166","225968566634798766526194628259854332030","197495242586376899286860793700741657745","37764931066808804107608242641882445630","123161753631682005629502020092765198795","127662497201127743309816801617869708966","7456742301097996628237030342816657051","311808879622629141321589447278234192084","33224400154342995976006381824104992882","264303571402420837268788127843935840176","4286483838893697644920445583551222783","215495962327457092015205985936722438580","250759909051104766322651172427407149520","242572804959014945605606592076337298207","66066741872771280887458129748495793889","152204835169387140523345328240925823692","64451311532627355724053563169036360061","228353725361454832350169210217754827285"]},"signature_version":"v1","target":{"file":"src/gui/kernel/qwindow.cpp"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-b8966155","digest":{"function_hash":"339466499712346323303186085518200592490","length":385},"signature_version":"v1","target":{"file":"src/plugins/platforms/xcb/qxcbwindow.cpp","function":"QXcbForeignWindow::QXcbForeignWindow"},"signature_type":"Function"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-cb3fac34","digest":{"threshold":0.9,"line_hashes":["320163082161638120848969086796738968097","20851984051808150355602232212892830408","22306868943391977493998565180853396387","326924177956679107123828597211693716992","26867001979929416552194252857180725267"]},"signature_version":"v1","target":{"file":"src/plugins/platforms/windows/qwindowswindow.cpp"},"signature_type":"Line"},{"source":"https://github.com/qt/qtbase/commit/c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85","deprecated":false,"id":"CVE-2024-36048-d4ca6a93","digest":{"function_hash":"199618135588116812246470301302012436158","length":1427},"signature_version":"v1","target":{"file":"src/gui/kernel/qwindow.cpp","function":"QWindowPrivate::create"},"signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}