CVE-2012-6093 | Vulnerability Database | Aqua Security

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an incompatible structure layout that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Qt	Qt	*	4.6.5 (including)
Qt	Qt	4.6.0 (including)	4.6.0 (including)
Qt	Qt	4.6.0-rc1 (including)	4.6.0-rc1 (including)
Qt	Qt	4.6.1 (including)	4.6.1 (including)
Qt	Qt	4.6.2 (including)	4.6.2 (including)
Qt	Qt	4.6.3 (including)	4.6.3 (including)
Qt	Qt	4.6.4 (including)	4.6.4 (including)
Qt4-x11	Ubuntu	devel	*
Qt4-x11	Ubuntu	hardy	*
Qt4-x11	Ubuntu	lucid	*
Qt4-x11	Ubuntu	oneiric	*
Qt4-x11	Ubuntu	precise	*
Qt4-x11	Ubuntu	quantal	*

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
http://secunia.com/advisories/52217
http://www.openwall.com/lists/oss-security/2013/01/04/6
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=891955
https://codereview.qt-project.org/#change%2C42461

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6093
CWE	https://cwe.mitre.org/data/definitions/310.html