BDU:2023-02373

Уязвимость плагина SQL ODBC кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2023-24607

Published: 2023-04-15
Modified: 2024-11-21

CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update
[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/tag/security
https://www.qt.io/blog/tag/security

Version: 2.1.0

Package qt5-webchannel update in sisyphus_riscv64 on 2024-04-14

ALT-PU-2024-6591-1

Closed vulnerabilities

BDU:2023-02373

CVE-2023-24607