cbcvebase.
CVE-2023-51714
published 2023-12-24

Priority: P3 50
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.99% (58.0th percentile)

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | qt6-base | < qt6-base 6.4.2+dfsg-21 (forky) | qt6-base 6.4.2+dfsg-21 (forky) |
| debian | qtbase-opensource-src | < qt6-base 6.4.2+dfsg-21 (forky) | qt6-base 6.4.2+dfsg-21 (forky) |
| debian | qtbase-opensource-src-gles | < qt6-base 6.4.2+dfsg-21 (forky) | qt6-base 6.4.2+dfsg-21 (forky) |
| msrc | azl3_qtbase_6.6.1-1_on_azure_linux_3.0 | | |
| msrc | azl3_qtbase_6.6.2-1_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_qt5-qtbase_5.12.11-10_on_cbl_mariner_2.0 | | |
| msrc | cbl2_qt5-qtbase_5.12.11-15_on_cbl_mariner_2.0 | | |
| msrc | cbl2_qt5-qtsvg_5.12.11-6_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| qt | qt | >= 5.7 < 5.15.17 | 5.15.17 |
| qt | qt | >= 6.0.0 < 6.2.11 | 6.2.11 |
| qt | qt | >= 6.3.0 < 6.5.4 | 6.5.4 |
| qt | qt | >= 6.6.0 < 6.6.2 | 6.6.2 |

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
vendor_debian: 9.8 CRITICAL
vendor_msrc: 9.8 CRITICAL
vendor_redhat: 9.8 CRITICAL
vendor_ubuntu: 7.5 HIGH