Unrated severityNVD Advisory· Published Feb 28, 2020· Updated Aug 5, 2024

CVE-2018-21035

Description

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).

Affected products

Qt/Qtdescription
osv-coords2 versions
pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/almalinux/qt5-qttools-static
< 5.12.5-6.el8+ 1 more
- (no CPE)range: < 5.12.5-6.el8
- (no CPE)range: < 5.12.5-2.el8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugreports.qt.io/browse/QTBUG-70693mitrex_refsource_MISC
codereview.qt-project.org/c/qt/qtwebsockets/+/284735mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000