{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-16T18:48:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113"}, {"tags": ["x_refsource_MISC"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914"}, {"tags": ["x_refsource_MISC"], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff"}, {"tags": ["x_refsource_MISC"], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff"}, {"tags": ["x_refsource_MISC"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25255", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://codereview.qt-project.org/c/qt/qtbase/+/393113", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113"}, {"name": "https://codereview.qt-project.org/c/qt/qtbase/+/394914", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914"}, {"name": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff"}, {"name": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff"}, {"name": "https://codereview.qt-project.org/c/qt/qtbase/+/396020", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.650Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25255", "datePublished": "2022-02-16T18:48:35", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.650Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "37B45907-8F77-416A-BD0E-D0F395BF16E0", "versionEndExcluding": "5.15.9", "versionStartIncluding": "5.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "458A2EFF-9F2D-4D5E-9605-047B231B41EE", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH."}, {"lang": "es", "value": "En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess pod\u00eda ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH"}], "id": "CVE-2022-25255", "lastModified": "2022-02-28T16:18:19.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-16T19:15:09.300", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7482", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "qt5-0:5.15.3-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8022", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "qt5-0:5.15.3-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "qt: QProcess could execute a binary from the current working directory when not found in the PATH", "id": "2055505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055505"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-427", "details": ["In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.", "A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables."], "name": "CVE-2022-25255", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-02-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-25255\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25255"], "threat_severity": "Moderate", "upstream_fix": "qt 5.15.9, qt 6.2.4"}