Bug 2187154 (CVE-2023-24607) - CVE-2023-24607 qt5: A possible DOS involving the Qt SQL ODBC driver plugin
Summary: CVE-2023-24607 qt5: A possible DOS involving the Qt SQL ODBC driver plugin
Keywords:
Status: NEW
Alias: CVE-2023-24607
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2187156 2217696 2217697
Blocks: 2187155
TreeView+ depends on / blocked
 
Reported: 2023-04-17 05:30 UTC by Avinash Hanwate
Modified: 2023-07-07 08:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Avinash Hanwate 2023-04-17 05:30:50 UTC 
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

https://codereview.qt-project.org/c/qt/qtbase/+/456216
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
https://www.qt.io/blog/tag/security
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
Comment 1 Avinash Hanwate 2023-04-17 05:32:29 UTC 
Created qt5 tracking bugs for this issue:

Affects: fedora-all [bug 2187156]
Note You need to log in before you can comment on or make changes to this bug.