CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/456216	Issue Tracking
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217	Permissions Required
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238	Permissions Required
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff	Vendor Advisory
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin	Product
https://www.qt.io/blog/tag/security	Release Notes
https://codereview.qt-project.org/c/qt/qtbase/+/456216	Issue Tracking
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217	Permissions Required
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238	Permissions Required
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff	Vendor Advisory
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin	Product
https://www.qt.io/blog/tag/security	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qt:qt::::::::
	cpe:2.3:a:qt:qt::::::::
	cpe:2.3:a:qt:qt::::::::

History

21 Nov 2024, 07:48

Type	Values Removed	Values Added
References	~~() https://codereview.qt-project.org/c/qt/qtbase/+/456216 - Issue Tracking~~	() https://codereview.qt-project.org/c/qt/qtbase/+/456216 - Issue Tracking
References	~~() https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 - Permissions Required~~	() https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 - Permissions Required
References	~~() https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 - Permissions Required~~	() https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 - Permissions Required
References	~~() https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff - Vendor Advisory~~	() https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff - Vendor Advisory
References	~~() https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d - Patch, Third Party Advisory~~	() https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d - Patch, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html -~~	() https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html -
References	~~() https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin - Product~~	() https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin - Product
References	~~() https://www.qt.io/blog/tag/security - Release Notes~~	() https://www.qt.io/blog/tag/security - Release Notes

01 May 2024, 01:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html -

24 Apr 2023, 20:10

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~(MISC) https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 -~~	(MISC) https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 - Permissions Required
References	~~(MISC) https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff -~~	(MISC) https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff - Vendor Advisory
References	~~(MISC) https://codereview.qt-project.org/c/qt/qtbase/+/456216 -~~	(MISC) https://codereview.qt-project.org/c/qt/qtbase/+/456216 - Issue Tracking
References	~~(MISC) https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 -~~	(MISC) https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 - Permissions Required
References	~~(MISC) https://www.qt.io/blog/tag/security -~~	(MISC) https://www.qt.io/blog/tag/security - Release Notes
References	~~(MISC) https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin -~~	(MISC) https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin - Product
References	~~(MISC) https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d -~~	(MISC) https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d - Patch, Third Party Advisory
CPE		cpe:2.3:a:qt:qt::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

15 Apr 2023, 02:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-15 01:15

Updated : 2024-11-21 07:48

NVD link : CVE-2023-24607

Mitre link : CVE-2023-24607

CVE.ORG link : CVE-2023-24607

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo

7.5 /10