CVE-2023-24607
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/04/2023
Last modified:
01/05/2024
Description
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* | 5.0.0 (including) | 5.15.13 (excluding) |
| cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* | 6.0.0 (including) | 6.2.8 (excluding) |
| cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* | 6.3.0 (including) | 6.4.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://codereview.qt-project.org/c/qt/qtbase/+/456216
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
- https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
- https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
- https://www.qt.io/blog/tag/security