Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. https://codereview.qt-project.org/c/qt/qtbase/+/456216 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https://www.qt.io/blog/tag/security https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Created qt5 tracking bugs for this issue: Affects: fedora-all [bug 2187156]