CVE-2023-24607
Summary
| CVE | CVE-2023-24607 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-15 01:15:00 UTC |
| Updated | 2023-04-24 20:10:00 UTC |
| Description | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 | MISC | codereview.qt-project.org | |
| Qt Blog | Security | MISC | www.qt.io | |
| download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | MISC | download.qt.io | |
| SQL/ODBC: fix some users of toSQLTCHAR() to not assume identical UTF-… · qt/qtbase@aaf1381 · GitHub | MISC | github.com | |
| codereview.qt-project.org/c/qt/qtbase/+/456216 | MISC | codereview.qt-project.org | |
| Security advisory: Qt SQL ODBC driver plugin | MISC | www.qt.io | |
| codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 | MISC | codereview.qt-project.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182186 Debian Security Update for qtbase-opensource-srcqt6-base (CVE-2023-24607)
- 355099 Amazon Linux Security Advisory for qt5-qtbase : ALAS2-2023-2036
- 754216 SUSE Enterprise Linux Security Update for libqt5-qtbase (SUSE-SU-2023:2971-1)
- 754253 SUSE Enterprise Linux Security Update for libqt5-qtbase (SUSE-SU-2023:3207-1)
- 906819 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26044-1)
- 906899 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26048-1)