CVE-2023-45935

low-risk

Published 2024-03-27

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

LOCAL / LOW complexity

References (5)

http://seclists.org/fulldisclosure/2024/Jan/61

https://bugreports.qt.io/browse/QTBUG-115599

http://packetstormsecurity.com/files/176815/qt-6.6-6.5-6.2-Null-Pointer.html

http://seclists.org/fulldisclosure/2024/Jan/61

https://bugreports.qt.io/browse/QTBUG-115599

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal