CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type

GIT

Repo

https://github.com/qt/qtbase

Events

Introduced

Fixed

ca725ad9c5331a657c328bf624f2b0b713623276

Introduced

fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17

Fixed

017d80e12fa50c50fa6751a039d3a7c9e799f34c

Introduced

9554d315aa74eaba1726405ee09117e2ebc6111f

Fixed

372eaedc5b8c771c46acc4c96e91bbade4ca3624

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.15.15"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.2.10"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "fixed": "6.5.3"
        }
    ]
}

Affected versions

v5.*

v5.0.0-beta1

v5.0.0-beta2

v5.15.0-alpha1

v5.15.0-beta1

v5.15.0-beta2

v5.15.0-beta3

v5.15.0-beta4

v5.15.10-lts-lgpl

v5.15.11-lts-lgpl

v5.15.12-lts-lgpl

v5.15.13-lts-lgpl

v5.15.14-lts-lgpl

v5.15.3-lts-lgpl

v5.15.4-lts-lgpl

v5.15.5-lts-lgpl

v5.15.6-lts-lgpl

v5.15.7-lts-lgpl

v5.15.8-lts-lgpl

v5.15.9-lts-lgpl

v6.*

v6.0.0-alpha1

v6.0.0-beta1

v6.0.0-beta2

v6.0.0-beta3

v6.0.0-beta4

v6.0.0-beta5

v6.2.0-alpha1

v6.2.0-beta1

v6.2.0-beta2

v6.2.0-beta3

v6.2.0-beta4

v6.2.5-lts-lgpl

v6.2.6-lts-lgpl

v6.2.7-lts-lgpl

v6.2.8-lts-lgpl

v6.2.9-lts-lgpl

v6.5.0-beta1

v6.5.0-beta2

v6.5.0-beta3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38197.json"