Hi, A recently reported potential Use-After-Free issue in Qt’s wasm implementation of QNetworkReply has been assigned the CVE id CVE-2024-30161. The issue was discovered in Qt versions 6.5.4, 6.5.5, and 6.6.2.
QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly if using the affected versions. Solution: Apply the following patch or update to Qt 6.5.6 or 6.6.3 Patches: dev: https://codereview.qt-project.org/c/qt/qtbase/+/544314 Qt 6.6: https://codereview.qt-project.org/c/qt/qtbase/+/548060 or https://download.qt.io/official_releases/qt/6.6/CVE-2024-30161-qtbase-6.6.diff Qt 6.5: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/548490 or https://download.qt.io/official_releases/qt/6.5/CVE-2024-30161-qtbase-6.5.diff Kind regards, Andy -- Andy Shaw Director, Technical Customer Success The Qt Company _______________________________________________ Announce mailing list annou...@qt-project.org https://lists.qt-project.org/listinfo/announce -- Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development