Back to bug 2222767
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Zack Miele | 2023-07-13 16:48:10 UTC | Blocks | | 2222769 |
| Zack Miele | 2023-07-13 16:48:32 UTC | Depends On | | 2222770, 2222771, 2222772, 2222773 |
| TEJ RATHI | 2023-07-14 05:48:32 UTC | Depends On | | 2222847, 2222849, 2222848, 2222850 |
| TEJ RATHI | 2023-07-19 07:12:40 UTC | Doc Text | | Qtbase is vulnerable to a denial of service, caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the function QXmlStreamReader accepts multiple DOCTYPE elements, containing DTD fragments in the XML prolog, and in the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions causes infinite loops in QXmlStreamReader. By persuading a victim to open a specially crafted XML content, an attacker could exploit this vulnerability to cause a denial of service condition. |
| TEJ RATHI | 2023-07-19 07:12:40 UTC | Alias | TRIAGE-CVE-2023-38197 | CVE-2023-38197 |
| TEJ RATHI | 2023-07-19 07:12:40 UTC | Summary | TRIAGE-CVE-2023-38197 qtbase: infinite loops in QXmlStreamReader | CVE-2023-38197 qtbase: infinite loops in QXmlStreamReader |
| RaTasha Tillery-Smith | 2023-07-19 13:03:34 UTC | Doc Text | Qtbase is vulnerable to a denial of service, caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the function QXmlStreamReader accepts multiple DOCTYPE elements, containing DTD fragments in the XML prolog, and in the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions causes infinite loops in QXmlStreamReader. By persuading a victim to open a specially crafted XML content, an attacker could exploit this vulnerability to cause a denial of service condition. | A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition. |