{"id":"CVE-2025-5991","details":"There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling; HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.","modified":"2025-06-12T23:52:29.985940Z","published":"2025-06-11T08:15:22Z","withdrawn":"2025-06-28T18:58:33.078164Z","references":[{"type":"WEB","url":"https://codereview.qt-project.org/c/qt/qtbase/+/643777"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2025-5991"}],"affected":[{"package":{"name":"qt6-base","ecosystem":"Debian:12","purl":"pkg:deb/debian/qt6-base?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.4.2+dfsg-10","6.4.2+dfsg-11","6.4.2+dfsg-11~bpo11+1","6.4.2+dfsg-12","6.4.2+dfsg-13","6.4.2+dfsg-14","6.4.2+dfsg-15","6.4.2+dfsg-16","6.4.2+dfsg-17","6.4.2+dfsg-18","6.4.2+dfsg-18+loong64","6.4.2+dfsg-19","6.4.2+dfsg-20","6.4.2+dfsg-21","6.4.2+dfsg-21.1","6.6.0+dfsg-1","6.6.0+dfsg-2","6.6.0+dfsg-3","6.6.0+dfsg-4","6.6.0+dfsg-5","6.6.0+dfsg-6","6.6.1+dfsg-1","6.6.1+dfsg-2","6.6.1+dfsg-3","6.6.1+dfsg-4","6.6.1+dfsg-5","6.6.1+dfsg-6","6.6.2+dfsg-1","6.6.2+dfsg-10","6.6.2+dfsg-11","6.6.2+dfsg-12","6.6.2+dfsg-2","6.6.2+dfsg-3","6.6.2+dfsg-4","6.6.2+dfsg-5","6.6.2+dfsg-6","6.6.2+dfsg-7","6.6.2+dfsg-8","6.6.2+dfsg-9","6.7.2+dfsg-1","6.7.2+dfsg-2","6.7.2+dfsg-3","6.7.2+dfsg-4","6.7.2+dfsg-4+m68k","6.7.2+dfsg-5","6.7.2+dfsg-6","6.8.2+dfsg-1","6.8.2+dfsg-2","6.8.2+dfsg-3","6.8.2+dfsg-4","6.8.2+dfsg-5","6.8.2+dfsg-5+m68k","6.8.2+dfsg-6"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qt6-base","ecosystem":"Debian:13","purl":"pkg:deb/debian/qt6-base?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.4.2+dfsg-10","6.4.2+dfsg-11","6.4.2+dfsg-11~bpo11+1","6.4.2+dfsg-12","6.4.2+dfsg-13","6.4.2+dfsg-14","6.4.2+dfsg-15","6.4.2+dfsg-16","6.4.2+dfsg-17","6.4.2+dfsg-18","6.4.2+dfsg-18+loong64","6.4.2+dfsg-19","6.4.2+dfsg-20","6.4.2+dfsg-21","6.4.2+dfsg-21.1","6.6.0+dfsg-1","6.6.0+dfsg-2","6.6.0+dfsg-3","6.6.0+dfsg-4","6.6.0+dfsg-5","6.6.0+dfsg-6","6.6.1+dfsg-1","6.6.1+dfsg-2","6.6.1+dfsg-3","6.6.1+dfsg-4","6.6.1+dfsg-5","6.6.1+dfsg-6","6.6.2+dfsg-1","6.6.2+dfsg-10","6.6.2+dfsg-11","6.6.2+dfsg-12","6.6.2+dfsg-2","6.6.2+dfsg-3","6.6.2+dfsg-4","6.6.2+dfsg-5","6.6.2+dfsg-6","6.6.2+dfsg-7","6.6.2+dfsg-8","6.6.2+dfsg-9","6.7.2+dfsg-1","6.7.2+dfsg-2","6.7.2+dfsg-3","6.7.2+dfsg-4","6.7.2+dfsg-4+m68k","6.7.2+dfsg-5","6.7.2+dfsg-6","6.8.2+dfsg-1","6.8.2+dfsg-2","6.8.2+dfsg-3","6.8.2+dfsg-4","6.8.2+dfsg-5","6.8.2+dfsg-5+m68k","6.8.2+dfsg-6"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src","ecosystem":"Debian:11","purl":"pkg:deb/debian/qtbase-opensource-src?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.10+dfsg-7","5.15.10+dfsg-7.1","5.15.10+dfsg-7.2","5.15.11+dfsg-1","5.15.12+dfsg-1","5.15.12+dfsg-2","5.15.12+dfsg-3","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.13+dfsg-3","5.15.13+dfsg-4","5.15.14+dfsg-1","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.15+dfsg-3","5.15.15+dfsg-4","5.15.15+dfsg-5","5.15.16+dfsg-1","5.15.16+dfsg-2","5.15.17+dfsg-1","5.15.2+dfsg-10","5.15.2+dfsg-11","5.15.2+dfsg-12","5.15.2+dfsg-13","5.15.2+dfsg-14","5.15.2+dfsg-15","5.15.2+dfsg-16","5.15.2+dfsg-9","5.15.2+dfsg-9+deb11u1","5.15.3+dfsg-1","5.15.3+dfsg-2","5.15.4+dfsg-1","5.15.4+dfsg-2","5.15.4+dfsg-3","5.15.4+dfsg-4","5.15.4+dfsg-5","5.15.5+dfsg-1","5.15.5+dfsg-2","5.15.5+dfsg-3","5.15.6+dfsg-1","5.15.6+dfsg-2","5.15.6+dfsg-3","5.15.6+dfsg-4","5.15.6+dfsg-5","5.15.7+dfsg-1","5.15.7+dfsg-2","5.15.7+dfsg-3","5.15.8+dfsg-1","5.15.8+dfsg-10","5.15.8+dfsg-11","5.15.8+dfsg-12","5.15.8+dfsg-13","5.15.8+dfsg-2","5.15.8+dfsg-3","5.15.8+dfsg-4","5.15.8+dfsg-5","5.15.8+dfsg-6","5.15.8+dfsg-7","5.15.8+dfsg-8","5.15.8+dfsg-9","5.15.9+dfsg-1","5.15.9+dfsg-2","5.15.9+dfsg-3"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src","ecosystem":"Debian:12","purl":"pkg:deb/debian/qtbase-opensource-src?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.10+dfsg-7","5.15.10+dfsg-7.1","5.15.10+dfsg-7.2","5.15.11+dfsg-1","5.15.12+dfsg-1","5.15.12+dfsg-2","5.15.12+dfsg-3","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.13+dfsg-3","5.15.13+dfsg-4","5.15.14+dfsg-1","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.15+dfsg-3","5.15.15+dfsg-4","5.15.15+dfsg-5","5.15.16+dfsg-1","5.15.16+dfsg-2","5.15.17+dfsg-1","5.15.8+dfsg-11","5.15.8+dfsg-11+deb12u1","5.15.8+dfsg-11+deb12u2","5.15.8+dfsg-11+deb12u3","5.15.8+dfsg-12","5.15.8+dfsg-13","5.15.9+dfsg-1","5.15.9+dfsg-2","5.15.9+dfsg-3"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src","ecosystem":"Debian:13","purl":"pkg:deb/debian/qtbase-opensource-src?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.10+dfsg-7","5.15.10+dfsg-7.1","5.15.10+dfsg-7.2","5.15.11+dfsg-1","5.15.12+dfsg-1","5.15.12+dfsg-2","5.15.12+dfsg-3","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.13+dfsg-3","5.15.13+dfsg-4","5.15.14+dfsg-1","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.15+dfsg-3","5.15.15+dfsg-4","5.15.15+dfsg-5","5.15.16+dfsg-1","5.15.16+dfsg-2","5.15.17+dfsg-1","5.15.8+dfsg-11","5.15.8+dfsg-12","5.15.8+dfsg-13","5.15.9+dfsg-1","5.15.9+dfsg-2","5.15.9+dfsg-3"],"ecosystem_specific":{"urgency":"not yet 
assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src-gles","ecosystem":"Debian:11","purl":"pkg:deb/debian/qtbase-opensource-src-gles?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.12+dfsg-1","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.2+dfsg-4","5.15.2+dfsg-5","5.15.3+dfsg-1","5.15.4+dfsg-1","5.15.4+dfsg-2","5.15.5+dfsg-1","5.15.6+dfsg-1","5.15.6+dfsg-2","5.15.7+dfsg-1","5.15.7+dfsg-2","5.15.8+dfsg-1","5.15.8+dfsg-2","5.15.8+dfsg-3","5.15.9+dfsg-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src-gles","ecosystem":"Debian:12","purl":"pkg:deb/debian/qtbase-opensource-src-gles?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.12+dfsg-1","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.8+dfsg-3","5.15.9+dfsg-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}},{"package":{"name":"qtbase-opensource-src-gles","ecosystem":"Debian:13","purl":"pkg:deb/debian/qtbase-opensource-src-gles?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10+dfsg-1","5.15.10+dfsg-2","5.15.10+dfsg-3","5.15.10+dfsg-4","5.15.10+dfsg-5","5.15.10+dfsg-6","5.15.12+dfsg-1","5.15.13+dfsg-1","5.15.13+dfsg-2","5.15.15+dfsg-1","5.15.15+dfsg-2","5.15.8+dfsg-3","5.15.9+dfsg-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"so
urce":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5991.json"}}],"schema_version":"1.7.3"}