CVE-2018-21035
Summary
| CVE | CVE-2018-21035 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-28 21:15:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). |
Risk And Classification
Problem Types: CWE-770
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | MISC | codereview.qt-project.org | Patch, Third Party Advisory |
| [QTBUG-70693] QWebsocket large frame/message issue, denial of service - Qt Bug Tracker | MISC | bugreports.qt.io | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 900114 CBL-Mariner Linux Security Update for qt5-qtbase 5.12.5
- 900287 CBL-Mariner Linux Security Update for qt5-qtbase 5.12.11
- 901564 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6833-1)
- 903164 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (5929)
- 905878 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (5929-1)
- 906438 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6833-2)
- 940264 AlmaLinux Security Update for qt5-qtbase and qt5-qtwebsockets (ALSA-2020:4690)
- 960823 Rocky Linux Security Update for qt5-qtbase and qt5-qtwebsockets (RLSA-2020:4690)