Vulnerability CVE-2017-15011: Information

Description

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Fixed packages

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.14.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*

      ---