CVE-2023-37369 — Classic Buffer Overflow in QT

CWE-120 — Classic Buffer Overflow7 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

QT Debian Linux

Timeline

PublishedAug 20

Description

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDqt/qt6.0.0 — 6.2.9+2

Also affects: Debian Linux 10.0

Patches

Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗

🔴Vulnerability Details

GHSA

GHSA-h6px-w542-49xj: In Qt before 5↗2023-08-20

▶

CVEList

CVE-2023-37369: In Qt before 5↗2023-08-20

▶

OSV

CVE-2023-37369: In Qt before 5↗2023-08-20

▶

📋Vendor Advisories

Microsoft

In Qt before 5.15.15 6.x before 6.2.9 and 6.3.x through 6.5.x before 6.5.2 there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is↗2023-08-08

▶

Red Hat

qtbase: buffer overflow in QXmlStreamReader↗2023-07-13

▶

Debian

CVE-2023-37369: qt6-base - In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, th...↗2023

▶