2408769 – (CVE-2025-23050) CVE-2025-23050 qt: qt5: qt6: Qt missing length checks

Bug 2408769 (CVE-2025-23050) - CVE-2025-23050 qt: qt5: qt6: Qt missing length checks

Summary: CVE-2025-23050 qt: qt5: qt6: Qt missing length checks

Keywords:
Status:	NEW
Alias:	CVE-2025-23050
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2414296 2414297 2414298 2414299 2414300 2414301 2414302 2414303 2414304 2414306 2414307 2414308 2414305 2414309
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-31 02:01 UTC by OSIDB Bzimport
Modified:	2025-11-11 22:17 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-31 02:01:19 UTC

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.

Note You need to log in before you can comment on or make changes to this bug.