Detections
Analytics

CVE-2023-24607

high

Description

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

References

https://www.qt.io/blog/tag/security

https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin

https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html

https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d

https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff

https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238

https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217

https://codereview.qt-project.org/c/qt/qtbase/+/456216

Details

Source: Mitre, NVD

Published: 2023-04-15

Updated: 2024-05-01

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01924