CVE-2023-24607: Improper Resource Shutdown or Release in Qt

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 46.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 15; Latest update Sep 28

Description

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (10 packages)

NVD: qt/qt 5.0.0 - 5.15.13 (+2)
debian: debian/qt6-base < qt6-base 6.4.2+dfsg-7 (bookworm)
debian: debian/qtbase-opensource-src < qt6-base 6.4.2+dfsg-7 (bookworm)
debian: debian/qtbase-opensource-src-gles < qt6-base 6.4.2+dfsg-7 (bookworm)

Patches

🔴 Vulnerability Details

3 entries
OSV: qtbase-opensource-src vulnerabilities (2025-09-28)
GHSA: GHSA-gfrv-8477-wf9f: Qt before 6 (2023-04-15)
OSV: CVE-2023-24607: Qt before 6 (2023-04-15)

📋 Vendor Advisories

4 entries
Ubuntu: Qt vulnerabilities (2025-09-28)
Red Hat: qt5: A possible DOS involving the Qt SQL ODBC driver plugin (2023-04-15)
Microsoft: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13 6.x before 6.2.8 and (2023-04-11)
Debian: CVE-2023-24607: qt6-base - Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODB... (2023)
CVE-2023-24607 — Improper Resource Shutdown or Release | cvebase