7.5
CVE-2023-24607
- EPSS 1.32%
- Veröffentlicht 15.04.2023 01:15:07
- Zuletzt bearbeitet 21.11.2024 07:48:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.32% | 0.671 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/tag/security