CVE-2023-24607
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-24607
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24607.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-24607
- Downstream
- Related
- Published
- 2023-04-15T01:15:07Z
- Modified
- 2025-10-18T09:24:23.654503Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
- References
-
- https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
- https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
- https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
- https://www.qt.io/blog/tag/security
- https://codereview.qt-project.org/c/qt/qtbase/+/456216
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
Affected packages
Git / github.com/qt/qt5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qt5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
qt-v5.*
qt-v5.0.0-alpha1
v5.*
v5.0.0-beta1
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.15.10-lts-lgpl
v5.15.11-lts-lgpl
v5.15.12-lts-lgpl
v5.15.3-lts-lgpl
v5.15.4-lts-lgpl
v5.15.5-lts-lgpl
v5.15.6-lts-lgpl
v5.15.7-lts-lgpl
v5.15.8-lts-lgpl
v5.15.9-lts-lgpl
v5.2.0-alpha1
v5.2.0-beta1
v5.3.0-alpha1
v5.3.0-beta1
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0-alpha1
v5.5.0-beta1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.2
v5.6.3
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.1
v5.9.2
v5.9.3
v5.9.4
Git / github.com/qt/qt5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qtbase
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
qt-v5.*
qt-v5.0.0-alpha1
v5.*
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-rc1
v5.0.0-rc2
v5.0.1
v5.0.2
v5.1.0
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.1.0-rc2
v5.1.1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.13.2
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.2.0
v5.2.0-alpha1
v5.2.0-beta1
v5.2.0-rc1
v5.2.1
v5.3.0
v5.3.0-alpha1
v5.3.0-beta1
v5.3.0-rc1
v5.3.1
v5.3.2
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0
v5.5.0-alpha1
v5.5.0-beta1
v5.5.0-rc1
v5.5.1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.1
v5.6.1-1
v5.6.2
v5.7.0
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.7.1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.0-rc2
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v6.*
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.4.0-beta1
v6.4.0-beta2
v6.4.0-beta3
v6.4.0-beta4
Database specific
vanir_signatures
[
{
"id": "CVE-2023-24607-0848e401",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCResult::prepare",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "252800487098528502969560155377874210920",
"length": 1503.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-3a04ccd9",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCResult::reset",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "176981847587405161815186066176953525305",
"length": 2079.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-3aadcdf6",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCDriver::primaryIndex",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "231767649323504619791383579173074202052",
"length": 2508.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-7df6654a",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCDriver::record",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "249035898946977597367542997231385299716",
"length": 1781.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-b921a37f",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCDriver::open",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "67831296646483273461037135050746472326",
"length": 2343.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-d47fbee1",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Line",
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"217642529427620289499003502620787255878",
"116716139001964074052103999807724031210",
"321470790418837753080398589889158344288",
"241908482120688129157335734488606110699",
"85931507992438679457998139060120233204",
"269283106012881717161604046071818951823",
"90990521189118216827308504549778186604",
"154435026454746122048966494386123211035",
"40716386662201965389155645479666922815",
"57439686605529833079406280594930806048",
"93243892512983491836551095422397007401",
"173410204531750785737275102910415164954",
"26869955747226502446073675622290375021",
"17303138321231635926895014358267821148",
"302556297761808258492598365537657747961",
"65402798577171812734482719301379786116",
"9135277449767183636344521933554634079",
"292969000828891717099147073204442476167",
"301117466471630661872296303834525553184",
"240189804062545303059683673070287792253",
"59772067679540037539435905640619181742",
"146471345151971056192614006168335406669",
"309524104779893930755916499530758084799",
"57483058266469252426633991949183761161",
"222316235965230481914755033386542233218",
"189714220819465519165602308706960756282",
"273495033246851570274378853020724232134",
"149357997340044632117339981399732864870",
"72801526388863202891208037522263763166",
"181652898321082679544699339750060006164",
"196565952345661569669257853320859470053",
"146684922094353461268322557272150796842",
"22396991709896748912509052028930976151",
"73172529853627839080791023834561984988",
"102252110266895922851222943965873788820",
"22970633764676780819376621199153091493",
"112025231129620249239455272886159086827",
"87725635386447058445760451791131120160",
"296468041839081177935276089405774118317",
"65295879771908575459699102460946006028",
"217044956021517558270063184863580359689",
"51353195864791972412836456197582339351",
"277520592720585961549749395294173761484",
"182493347194761557852541202914771777316",
"34526181246488472795543429069910113725",
"119375222992584113237611490838253139605",
"59554400843614566687816741789236451551",
"305801102573263774810598934439156265418",
"239022278838429201872579479128045748887",
"122588598547285151832904296254450080265",
"221792614301079877209855931183550206099",
"294093204275665402663799649398283100925",
"132470842970917883018690465643528223503",
"270349623119937855985725614104674976457",
"113483902513478924154274920385095290052",
"213422471472130706008782371085581756510",
"24786722821269003636934206998817046622",
"182493347194761557852541202914771777316",
"34526181246488472795543429069910113725",
"26842265132237637912666983224858334368",
"186668503974808830817767153083294067897",
"120162442157940422211076303087585930783",
"323953607529819656349016393559157009746",
"166720483419452408647284182906538819505",
"133152490838136202133911872294862178123",
"108672671891204149386044590706018765492",
"217759080297273640108891071808320927206",
"23262945564694321497802041084819870688",
"143211711392164662174878990839765490284",
"245325118562827352953258087501059676065",
"2887790236846419104109894774763636804",
"108243230695364339829024966253614476186",
"57240310449569667848935959574975444419",
"133759038451958793835589695282122121794",
"327357016662287943499059945684731278152",
"112000632698591786147216707396370952584",
"107134897313946292981093051380270514724",
"91145994256518314498317902644262919234",
"8998576765501819859639525114864423597",
"91805994139050163594780213942727565623",
"16876062457813528936661450585520002782",
"317968178618887529825507471525616091015",
"322612405862138961605207428863652270960",
"317968178618887529825507471525616091015",
"36125106701401838209286571182431680169",
"286563963975226011310592153655649183407",
"330558126787226358340674794862672657911",
"138912508260656935790879071682010054756",
"44428568242235516121410485501913831407",
"289475353622598405926887896716690809993",
"206648749712756304143777045402668751959",
"92666969879941325308925304822939278988",
"28839647773389573281808121171465478964",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"169783548912343500383285016621034001414",
"189700857183882696018582963305098426889",
"17768313542909086404288333200637491144",
"116536436860378036524245188791444171543",
"79627226527796577928803139925357045552",
"120841840128542238512335122920046209518",
"136816807456310545163599838350042162666",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"3986029626658955124633113192384591767",
"103357532456271250252154589398920642831",
"17129839854858459970454747698299280680",
"16716492509609484730464110307808954947",
"324917526262158270575938651752434431776",
"337229091269269207284643007045460422098",
"281732308478039727011066206624165670393",
"305482963662004714087000999139336312346",
"187917436761863171464555499822092426287",
"170353603864628260614718762261742637517",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"3986029626658955124633113192384591767",
"168831954651459449739013536369871804717",
"285707588399701132430632972150906696455",
"127222596387287275473423184300016468162",
"88082751744350285890377774132185644500",
"175271788825621109174818957388867856458"
]
},
"deprecated": false
},
{
"id": "CVE-2023-24607-dc3f46a9",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCDriver::tables",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "222837042868679194554749386866578907087",
"length": 1682.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-dd2c2e02",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCDriverPrivate::setConnectionOptions",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "51990642598968749275452792537557796975",
"length": 4153.0
},
"deprecated": false
},
{
"id": "CVE-2023-24607-e4e068bb",
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"signature_type": "Function",
"target": {
"function": "QODBCResult::exec",
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"signature_version": "v1",
"digest": {
"function_hash": "119065469992688806340197033843195026639",
"length": 10047.0
},
"deprecated": false
}
]