CVE-2023-51714 — Integer Overflow or Wraparound in QT

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

9.8CRITICALNVD

OSV7.5

EPSS

0.1%

top 67.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

QT Debian Qt6-base Debian Qtbase-opensource-src +11 more

Timeline

PublishedDec 24

Latest updateMar 5

Description

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶NVDqt/qt5.7 — 5.15.17+3

▶debiandebian/qt6-base< qt6-base 6.4.2+dfsg-21 (forky)

▶debiandebian/qtbase-opensource-src< qt6-base 6.4.2+dfsg-21 (forky)

▶debiandebian/qtbase-opensource-src-gles< qt6-base 6.4.2+dfsg-21 (forky)

▶msrcmsrc/azure_linux_3.0_arm

Also affects: Debian Linux 10.0

Patches

Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗

🔴Vulnerability Details

OSV

qtbase-opensource-src vulnerabilities↗2026-03-05

▶

GHSA

GHSA-4fvr-x23f-jwc4: An issue was discovered in the HTTP2 implementation in Qt before 5↗2023-12-24

▶

OSV

CVE-2023-51714: An issue was discovered in the HTTP2 implementation in Qt before 5↗2023-12-24

▶

📋Vendor Advisories

Ubuntu

Qt vulnerabilities↗2026-03-05

▶

Red Hat

qt: incorrect integer overflow check↗2023-12-24

▶

Microsoft

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect↗2023-12-12

▶

Debian

CVE-2023-51714: qt6-base - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x be...↗2023

▶