CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
qtqt
5.0.0 ≤
𝑥
< 5.15.13
qtqt
6.0.0 ≤
𝑥
< 6.2.8
qtqt
6.3.0 ≤
𝑥
< 6.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qt6-base
bookworm
6.4.2+dfsg-10
fixed
sid
6.7.2+dfsg-5
fixed
trixie
6.7.2+dfsg-5
fixed
qtbase-opensource-src
bullseye
5.15.2+dfsg-9+deb11u1
fixed
bookworm
5.15.8+dfsg-11+deb12u2
fixed
sid
5.15.15+dfsg-2
fixed
trixie
5.15.15+dfsg-2
fixed
qtbase-opensource-src-gles
bullseye
5.15.2+dfsg-4
fixed
bookworm
5.15.8+dfsg-3
fixed
sid
5.15.15+dfsg-2
fixed
trixie
5.15.15+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt6-base
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
focal
dne
bionic
dne
xenial
ignored
trusty
ignored
qtbase-opensource-src
oracular
needed
noble
needed
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
focal
needed
bionic
needed
xenial
needed
trusty
ignored
qtbase-opensource-src-gles
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
dne
xenial
needs-triage
trusty
ignored
References
https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/tag/security
https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/tag/security