Qt 'QSslSocketBackendPrivate::transmit()' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Qt and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to version 4.6.4 or later, For updates refer to ftp://ftp.qt.nokia.com/qt/source

Insight

This flaw is due to an endless loop within the 'QSslSocketBackendPrivate::transmit()' function in 'src/network/ssl/qsslsocket_openssl.cpp'. This can be exploited to exhaust CPU resources in server applications using the QSslSocket class.

Affected

Qt Version 4.6.3 and prior.

References

http://aluigi.altervista.org/adv/qtsslame-adv.txt
http://secunia.com/advisories/40389
http://www.vupen.com/english/advisories/2010/1657

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2621

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Linux)
Connect back to SOCKS4 server
Comodo Internet Security Denial of Service Vulnerability-03
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Mac OS X)

Qt 'QSslSocketBackendPrivate::transmit()' Denial of Service Vulnerability

Take action and discover your vulnerabilities