CVE-2010-2621

Name: CVE-2010-2621
Creator: NVD / NIST
Published: 2010-07-02T20:30:01.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 10.54%

Last modified Jun 16, 2026

CVE-2010-2621 is a vulnerability of currently unknown severity. The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.. EPSS estimates a 10.54% chance of exploitation in the next 30 days.

Description

The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

Metrics

EPSS Probability

10.54%

95.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Digia	Qt	<= 4.6.3
Qt	Qt	4.0.0
Qt	Qt	4.0.1
Qt	Qt	4.1.0
Qt	Qt	4.1.1
Qt	Qt	4.1.2
Qt	Qt	4.1.3
Qt	Qt	4.1.4
Qt	Qt	4.1.5
Qt	Qt	4.2.0
Qt	Qt	4.2.1
Qt	Qt	4.2.3
Qt	Qt	4.3.0
Qt	Qt	4.3.1
Qt	Qt	4.3.2
Qt	Qt	4.3.3
Qt	Qt	4.3.4
Qt	Qt	4.3.5
Qt	Qt	4.4.0
Qt	Qt	4.4.1
Qt	Qt	4.4.2
Qt	Qt	4.4.3
Qt	Qt	4.5.0
Qt	Qt	4.5.1
Qt	Qt	4.5.2
Qt	Qt	4.5.3
Qt	Qt	4.6.0
Qt	Qt	4.6.1
Qt	Qt	4.6.2

References

http://aluigi.org/adv/qtsslame-adv.txt
http://aluigi.org/poc/qtsslame.zipExploit
http://osvdb.org/65860
http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597
http://secunia.com/advisories/40389Vendor Advisory
http://secunia.com/advisories/46410Vendor Advisory
http://www.securityfocus.com/bid/41250Exploit
http://www.vupen.com/english/advisories/2010/1657Vendor Advisory
https://hermes.opensuse.org/messages/12056605
http://aluigi.org/adv/qtsslame-adv.txt
http://aluigi.org/poc/qtsslame.zipExploit
http://osvdb.org/65860
http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597
http://secunia.com/advisories/40389Vendor Advisory
http://secunia.com/advisories/46410Vendor Advisory
http://www.securityfocus.com/bid/41250Exploit
http://www.vupen.com/english/advisories/2010/1657Vendor Advisory
https://hermes.opensuse.org/messages/12056605

Timeline

Published: Jul 2, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-2621?

How severe is CVE-2010-2621?

Severity scoring for CVE-2010-2621 is pending analysis. The EPSS model estimates a 10.54% probability of exploitation in the next 30 days.

How do I fix CVE-2010-2621?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2621?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST