CVE-2020-24742
📋 TL;DR
CVE-2020-24742 is a path traversal vulnerability in Qt's QPluginLoader that loads plugins from the current working directory instead of secure locations. This allows attackers to execute arbitrary code by placing malicious plugin files where Qt applications run. Applications using Qt 5.14.0 for plugin loading are affected.
💻 Affected Systems
- Qt-based applications using QPluginLoader
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation or arbitrary code execution when users run Qt applications from untrusted directories.
If Mitigated
Limited impact if applications run with minimal privileges and from controlled directories.
🎯 Exploit Status
Exploitation requires placing malicious plugin files in the working directory where Qt applications execute. No authentication needed if attacker can write to that directory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Qt 5.14.1 and later
Vendor Advisory: https://codereview.qt-project.org/c/qt/qtbase/+/280730
Restart Required: Yes
Instructions:
1. Upgrade Qt to version 5.14.1 or later.
2. Recompile affected applications with the updated Qt library.
3. Redeploy patched applications.
4. Restart services using Qt.
🔧 Temporary Workarounds
Restrict working directory permissions
Linux: Prevent unauthorized users from writing to directories where Qt applications run.
chmod 755 /path/to/application/directory
chown root:root /path/to/application/directory
Run applications from secure directories
All platforms: Ensure Qt applications only execute from trusted, write-protected directories.
🧯 If You Can't Patch
- Implement strict file system permissions to prevent unauthorized writes to application directories
- Use application sandboxing or containerization to limit impact of potential exploitation
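To confirm the permission workaround is actually in place, the following added example (not part of the original advisory or of Qt's tooling) audits a directory a Qt application runs from. It assumes GNU stat and find on Linux and that plugin files are shared objects matching *.so; the function name audit_qt_dir and its expected-UID argument are made up for this example.

```shell
#!/bin/sh
# Added example: audit a directory a Qt application runs from.
# Assumes GNU stat/find (Linux) and that plugins are *.so shared objects.
# audit_qt_dir DIR [EXPECTED_UID]  -> 0 clean, 1 findings, 2 bad argument

# True when the given path is writable by group or others.
# Symlinks are not followed, so a symlinked file is always reported.
loosely_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm /022 2>/dev/null)" ]
}

audit_qt_dir() {
    dir=$1
    want_uid=${2:-0}          # 0 = root, matching "chown root:root"
    findings=0

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # The directory itself: anyone who can write here can drop a plugin.
    uid=$(stat -c '%u' "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: $dir owned by uid $uid, expected $want_uid"
        findings=$((findings + 1))
    fi
    if loosely_writable "$dir"; then
        echo "FINDING: $dir mode $(stat -c '%a' "$dir") is group/world-writable"
        findings=$((findings + 1))
    fi

    # Shared objects already present: flag any that a non-owner could have
    # written or replaced, so they can be reviewed before the next launch.
    for f in "$dir"/*.so "$dir"/*.so.*; do
        [ -f "$f" ] || continue
        fuid=$(stat -c '%u' "$f")
        if [ "$fuid" != "$want_uid" ] || loosely_writable "$f"; then
            echo "REVIEW: $f (uid $fuid, mode $(stat -c '%a' "$f"))"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Run directly: sh audit.sh /path/to/application/directory
if [ "$#" -gt 0 ]; then audit_qt_dir "$@"; fi
```

A non-zero exit status means the directory or a shared object in it does not match the chmod 755 / chown root:root state described in the workaround.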
🔍 How to Verify
Check if Vulnerable:
Check Qt version in use: applications using Qt 5.14.0 with QPluginLoader functionality are vulnerable.
Check Version:
qmake --version (for development) or check application dependencies
Verify Fix Applied:
Verify Qt version is 5.14.1 or later and applications have been recompiled with the updated library.
📡 Detection & Monitoring
Log Indicators:
- Unexpected plugin loading from non-standard directories
- Application crashes during plugin initialization
Network Indicators:
- Unusual outbound connections from Qt applications post-startup
SIEM Query:
Process execution logs showing Qt applications running from unusual directories OR file creation events for plugin files in application directories