CVE-2023-24607
- Source
- https://cve.org/CVERecord?id=CVE-2023-24607
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24607.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-24607
- Downstream
- Related
- Published
- 2023-04-15T01:15:07.043Z
- Modified
- 2026-02-03T07:35:48.658204Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
- References
-
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
- https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
- https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
- https://www.qt.io/blog/tag/security
- https://codereview.qt-project.org/c/qt/qtbase/+/456216
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217
- https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238
- https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d
Affected packages
Git / github.com/qt/qt5
Git / github.com/qt/qtbase
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qtbase
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedFixed
Affected versions
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.1.0
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.1.0-rc2
v5.1.1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.13.2
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.15.10-lts-lgpl
v5.15.11-lts-lgpl
v5.15.12-lts-lgpl
v5.15.3-lts-lgpl
v5.15.4-lts-lgpl
v5.15.5-lts-lgpl
v5.15.6-lts-lgpl
v5.15.7-lts-lgpl
v5.15.8-lts-lgpl
v5.15.9-lts-lgpl
v5.2.0
v5.2.0-alpha1
v5.2.0-beta1
v5.2.0-rc1
v5.2.1
v5.3.0
v5.3.0-alpha1
v5.3.0-beta1
v5.3.0-rc1
v5.3.1
v5.3.2
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0
v5.5.0-alpha1
v5.5.0-beta1
v5.5.0-rc1
v5.5.1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.1
v5.6.1-1
v5.6.2
v5.7.0
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.7.1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.0-rc2
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v6.*
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.2.0-alpha1
v6.2.0-beta1
v6.2.0-beta2
v6.2.0-beta3
v6.2.0-beta4
v6.2.5-lts-lgpl
v6.2.6-lts-lgpl
v6.2.7-lts-lgpl
v6.4.0-beta1
v6.4.0-beta2
v6.4.0-beta3
v6.4.0-beta4
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCResult::prepare"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-0848e401",
"digest": {
"function_hash": "252800487098528502969560155377874210920",
"length": 1503.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCResult::reset"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-3a04ccd9",
"digest": {
"function_hash": "176981847587405161815186066176953525305",
"length": 2079.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCDriver::primaryIndex"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-3aadcdf6",
"digest": {
"function_hash": "231767649323504619791383579173074202052",
"length": 2508.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCDriver::record"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-7df6654a",
"digest": {
"function_hash": "249035898946977597367542997231385299716",
"length": 1781.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/corelib/tools/qvarlengtharray.h",
"function": "QVarLengthArray"
},
"source": "https://github.com/qt/qtbase/commit/519d2d8f442409e86a0ee2fa16bd543342180861",
"id": "CVE-2023-24607-a5aaecac",
"digest": {
"function_hash": "295101940135934345933041483191011700216",
"length": 595.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCDriver::open"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-b921a37f",
"digest": {
"function_hash": "67831296646483273461037135050746472326",
"length": 2343.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-d47fbee1",
"digest": {
"line_hashes": [
"217642529427620289499003502620787255878",
"116716139001964074052103999807724031210",
"321470790418837753080398589889158344288",
"241908482120688129157335734488606110699",
"85931507992438679457998139060120233204",
"269283106012881717161604046071818951823",
"90990521189118216827308504549778186604",
"154435026454746122048966494386123211035",
"40716386662201965389155645479666922815",
"57439686605529833079406280594930806048",
"93243892512983491836551095422397007401",
"173410204531750785737275102910415164954",
"26869955747226502446073675622290375021",
"17303138321231635926895014358267821148",
"302556297761808258492598365537657747961",
"65402798577171812734482719301379786116",
"9135277449767183636344521933554634079",
"292969000828891717099147073204442476167",
"301117466471630661872296303834525553184",
"240189804062545303059683673070287792253",
"59772067679540037539435905640619181742",
"146471345151971056192614006168335406669",
"309524104779893930755916499530758084799",
"57483058266469252426633991949183761161",
"222316235965230481914755033386542233218",
"189714220819465519165602308706960756282",
"273495033246851570274378853020724232134",
"149357997340044632117339981399732864870",
"72801526388863202891208037522263763166",
"181652898321082679544699339750060006164",
"196565952345661569669257853320859470053",
"146684922094353461268322557272150796842",
"22396991709896748912509052028930976151",
"73172529853627839080791023834561984988",
"102252110266895922851222943965873788820",
"22970633764676780819376621199153091493",
"112025231129620249239455272886159086827",
"87725635386447058445760451791131120160",
"296468041839081177935276089405774118317",
"65295879771908575459699102460946006028",
"217044956021517558270063184863580359689",
"51353195864791972412836456197582339351",
"277520592720585961549749395294173761484",
"182493347194761557852541202914771777316",
"34526181246488472795543429069910113725",
"119375222992584113237611490838253139605",
"59554400843614566687816741789236451551",
"305801102573263774810598934439156265418",
"239022278838429201872579479128045748887",
"122588598547285151832904296254450080265",
"221792614301079877209855931183550206099",
"294093204275665402663799649398283100925",
"132470842970917883018690465643528223503",
"270349623119937855985725614104674976457",
"113483902513478924154274920385095290052",
"213422471472130706008782371085581756510",
"24786722821269003636934206998817046622",
"182493347194761557852541202914771777316",
"34526181246488472795543429069910113725",
"26842265132237637912666983224858334368",
"186668503974808830817767153083294067897",
"120162442157940422211076303087585930783",
"323953607529819656349016393559157009746",
"166720483419452408647284182906538819505",
"133152490838136202133911872294862178123",
"108672671891204149386044590706018765492",
"217759080297273640108891071808320927206",
"23262945564694321497802041084819870688",
"143211711392164662174878990839765490284",
"245325118562827352953258087501059676065",
"2887790236846419104109894774763636804",
"108243230695364339829024966253614476186",
"57240310449569667848935959574975444419",
"133759038451958793835589695282122121794",
"327357016662287943499059945684731278152",
"112000632698591786147216707396370952584",
"107134897313946292981093051380270514724",
"91145994256518314498317902644262919234",
"8998576765501819859639525114864423597",
"91805994139050163594780213942727565623",
"16876062457813528936661450585520002782",
"317968178618887529825507471525616091015",
"322612405862138961605207428863652270960",
"317968178618887529825507471525616091015",
"36125106701401838209286571182431680169",
"286563963975226011310592153655649183407",
"330558126787226358340674794862672657911",
"138912508260656935790879071682010054756",
"44428568242235516121410485501913831407",
"289475353622598405926887896716690809993",
"206648749712756304143777045402668751959",
"92666969879941325308925304822939278988",
"28839647773389573281808121171465478964",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"169783548912343500383285016621034001414",
"189700857183882696018582963305098426889",
"17768313542909086404288333200637491144",
"116536436860378036524245188791444171543",
"79627226527796577928803139925357045552",
"120841840128542238512335122920046209518",
"136816807456310545163599838350042162666",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"3986029626658955124633113192384591767",
"103357532456271250252154589398920642831",
"17129839854858459970454747698299280680",
"16716492509609484730464110307808954947",
"324917526262158270575938651752434431776",
"337229091269269207284643007045460422098",
"281732308478039727011066206624165670393",
"305482963662004714087000999139336312346",
"187917436761863171464555499822092426287",
"170353603864628260614718762261742637517",
"297744134679546520378694792017206186792",
"301133427892605504361333561088557662960",
"3986029626658955124633113192384591767",
"168831954651459449739013536369871804717",
"285707588399701132430632972150906696455",
"127222596387287275473423184300016468162",
"88082751744350285890377774132185644500",
"175271788825621109174818957388867856458"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCDriver::tables"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-dc3f46a9",
"digest": {
"function_hash": "222837042868679194554749386866578907087",
"length": 1682.0
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCDriverPrivate::setConnectionOptions"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-dd2c2e02",
"digest": {
"function_hash": "51990642598968749275452792537557796975",
"length": 4153.0
}
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/corelib/tools/qvarlengtharray.h"
},
"source": "https://github.com/qt/qtbase/commit/519d2d8f442409e86a0ee2fa16bd543342180861",
"id": "CVE-2023-24607-e4badc7f",
"digest": {
"line_hashes": [
"174344533808791172224865101240757923064",
"292219089122817761886677078848108447252",
"157381648178923186010867101867476777242",
"208545306413576769817883439594691481482",
"21460200879669521690759595206101232051",
"263960305989060570785386688078128348630",
"174982206297014867183313898130643092065",
"211358169926691951945999549822585869569",
"244735439742552624691379035978819324955",
"280330701152302034312108794158040873354",
"294400776029424231837909997457099990489",
"113645022394016750227380919921066554946",
"320878052515778070762508008096200429102",
"198805573745728019413386933266673087567",
"69531322627785808249344120149368399243",
"208225844310610307393864733518722014736",
"310794867848066553248730596881228213280",
"207728896192900899649567726543019791945",
"9209557387873568089170733517070566958",
"35406923741947535377650458926203038699",
"5471535722605748470853744698129518205"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/plugins/sqldrivers/odbc/qsql_odbc.cpp",
"function": "QODBCResult::exec"
},
"source": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d",
"id": "CVE-2023-24607-e4e068bb",
"digest": {
"function_hash": "119065469992688806340197033843195026639",
"length": 10047.0
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24607.json"