{"id":"CVE-2024-58249","details":"In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.","modified":"2026-04-16T00:01:33.297756344Z","published":"2025-04-16T16:15:29.010Z","related":["SUSE-SU-2025:01735-1","openSUSE-SU-2025:15309-1"],"references":[{"type":"WEB","url":"https://github.com/wxWidgets/wxWidgets/compare/v3.2.6...v3.2.7"},{"type":"REPORT","url":"https://github.com/wxWidgets/wxWidgets/issues/24885"},{"type":"FIX","url":"https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wxWidgets/wxWidgets","events":[{"introduced":"0"},{"fixed":"d74ef99edca34d5b44b74875fcdf97cc236feb75"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.2.7"}]}},{"type":"GIT","repo":"https://github.com/wxwidgets/wxwidgets","events":[{"introduced":"0"},{"fixed":"f2918a9ac823074901ce27de939baa57788beb3d"}]}],"versions":["v3.1.0","v3.1.1","v3.1.1-rc","v3.1.2","v3.1.3","v3.1.4","v3.1.4-rc1","v3.1.5","v3.1.6","v3.1.6-final","v3.1.6-rc2","v3.1.7","v3.2.0","v3.2.0-rc1","v3.2.0-rc2","v3.2.1","v3.2.2","v3.2.2-rc1","v3.2.3","v3.2.3-rc1","v3.2.4","v3.2.4-with-msvs2012-fix","v3.2.4.1","v3.2.5","v3.2.5-rc1","v3.2.6","v3.2.6-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58249.json","vanir_signatures":[{"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","id":"CVE-2024-58249-2d41d217","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["55083144890868739083614914620252730239","108313112860117601384290228157239564918","126495346316543551184162242556486311213","314355380243575063010286072183556392029","202357086586008850495564520176995788430","274795844244463718561441966099836076276","267572019347083893814208188352795121220","279818782563851987998245555200821975960","7894440299612293898069676258104115282","323988260553426485072282779326962424831","197174488357494784604705884101464193893","6232812326414173620225232118201493688","98234981854659012750577465621754080428","292301343729493749418119879990745843355","165224587861408244391160495940958333694","158823696904387674814399142300946587389","32081485246183995404117289729767783851","82159390929085417262245417127832533239","235509111696705385160139168832282673798","127347974839472314699313779320768150990","295512807352568808436991116447625220518","335697899298499546570621183396948620291","259023481096727990945577457318190996778","85919308076834563434036919038468935459","79007016293087999928717044077202210583","318793428093022404145232844837850648021","48412833427305921038931743449181816275","173477869139896025799074029226906080636","6999803882816127560055153909033144548","329819072570741230883155692884189013796","147401554203739300125666303138418199858","170447934329486484455055732781772637864","102788080901050853010123369852921310061","257064692063568193002474892598942731772","165419304820163569361632672043648294052","8667869844453568224588151482213079670","27025029270458448632409483293715150137","184799540691282301372244661283919457811","229122526936236820922457965555461341450","86202871640250420963934162477915210932","322895902351281759730193020944407578517","96360616053155681203541503187151803139","310153392098852837662437723067566410941","238463801885312826094849003975242384932","34063361932545835121024672238541399880","10891805401342124734811068365512321555","80225915506184880251028145248239772564","53557230260660837548848060398357124936","102366252672134015831015480412219111359","275838419010596305851402574362641097215","49986621957867070580279612533926137372"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp"}},{"digest":{"length":218,"function_hash":"237251620557187969920908251045779773184"},"id":"CVE-2024-58249-7ab48bd0","signature_type":"Function","deprecated":false,"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp","function":"SocketPollerSourceHandler::SendEvent"}},{"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","id":"CVE-2024-58249-9bbfb67d","signature_type":"Function","deprecated":false,"digest":{"length":82,"function_hash":"37613130367405007294880968621169156752"},"signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp","function":"SourceSocketPoller::SourceSocketPoller"}},{"digest":{"length":204,"function_hash":"223206175320810777805181521700420217799"},"id":"CVE-2024-58249-c66304d6","signature_type":"Function","deprecated":false,"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp","function":"SourceSocketPoller::StopPolling"}},{"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","id":"CVE-2024-58249-d20ea74c","signature_type":"Function","deprecated":false,"digest":{"length":129,"function_hash":"18546288903355533172046195086242717572"},"signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp","function":"SocketPollerSourceHandler::SocketPollerSourceHandler"}},{"digest":{"function_hash":"286252639745796170772819907106135822063","length":717},"id":"CVE-2024-58249-fdaf5bb0","signature_type":"Function","deprecated":false,"source":"https://github.com/wxwidgets/wxwidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d","signature_version":"v1","target":{"file":"src/common/webrequest_curl.cpp","function":"SourceSocketPoller::StartPolling"}}],"vanir_signatures_modified":"2026-04-11T02:59:22Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}