7.5

CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QtQt Version >= 5.0.0 < 5.15.13
QtQt Version >= 6.0.0 < 6.2.8
QtQt Version >= 6.3.0 < 6.4.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.32% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://codereview.qt-project.org/c/qt/qtbase/+/456216
Issue Tracking
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
Permissions Required
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
Permissions Required
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Vendor Advisory
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
Product
https://www.qt.io/blog/tag/security
Release Notes