Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
| Link | Resource |
|---|---|
| https://codereview.qt-project.org/c/qt/qtbase/+/456216 | Issue Tracking |
| https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 | Permissions Required |
| https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 | Permissions Required |
| https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | Vendor Advisory |
| https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d | Patch, Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | |
| https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin | Product |
| https://www.qt.io/blog/tag/security | Release Notes |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-15T00:00:00
Updated: 2024-06-04T17:21:28.108Z
Reserved: 2023-01-29T00:00:00
Link: CVE-2023-24607
NVD Information
Status: Modified
Published: 2023-04-15T01:15:07.043
Modified: 2024-05-01T01:15:05.727
Link: CVE-2023-24607