CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

CVSS

No CVSS.

References

Link	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/643777

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de "Use After Free" en el QHttp2ProtocolHandler de Qt, dentro del módulo QtNetwork. Esta vulnerabilidad solo afecta al controlador de HTTP/2; el controlador de HTTP no se ve afectado en absoluto. Esto ocurre debido a una condición de ejecución entre la forma en que QHttp2Stream carga el cuerpo de una solicitud POST y el controlador simultáneo de respuestas de error HTTP. Este problema solo afecta a Qt 6.9.0 y se ha corregido para Qt 6.9.1.

11 Jun 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-11 08:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-5991

Mitre link : CVE-2025-5991

CVE.ORG link : CVE-2025-5991

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

{"id": "CVE-2025-5991", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-11T08:15:22.933", "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/643777", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1."}, {"lang": "es", "value": "Existe una vulnerabilidad de \"Use After Free\" en el QHttp2ProtocolHandler de Qt, dentro del m\u00f3dulo QtNetwork. Esta vulnerabilidad solo afecta al controlador de HTTP/2; el controlador de HTTP no se ve afectado en absoluto. Esto ocurre debido a una condici\u00f3n de ejecuci\u00f3n entre la forma en que QHttp2Stream carga el cuerpo de una solicitud POST y el controlador simult\u00e1neo de respuestas de error HTTP. Este problema solo afecta a Qt 6.9.0 y se ha corregido para Qt 6.9.1."}], "lastModified": "2025-06-12T16:06:20.180", "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}