CVE-2023-33285: Out-of-bounds Read in QT

Severity
NVD: 5.3 MEDIUM
OSV: 7.5
EPSS: 0.1% (top 74.46%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 22
Latest update: Sep 28

Description

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

NVD: qt/qt 5.0.0 5.15.4 +2
debian: debian/qt6-base < qt6-base 6.4.2+dfsg-10 (bookworm)
debian: debian/qtbase-opensource-src < qt6-base 6.4.2+dfsg-10 (bookworm)
debian: debian/qtbase-opensource-src-gles < qt6-base 6.4.2+dfsg-10 (bookworm)

🔴 Vulnerability Details (3)

OSV: qtbase-opensource-src vulnerabilities (2025-09-28)
GHSA: GHSA-pwf5-mq6w-f36v: An issue was discovered in Qt 5 (2023-05-22)
OSV: CVE-2023-33285: An issue was discovered in Qt 5 (2023-05-22)

📋 Vendor Advisories (4)

Ubuntu: Qt vulnerabilities (2025-09-28)
Red Hat: qt: buffer over-read via a crafted reply from a DNS server (2023-05-22)
Microsoft: An issue was discovered in Qt 5.x before 5.15.14 6.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. (2023-05-09)
Debian: CVE-2023-33285: qt6-base - An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x th... (2023)