OESA-2023-1489

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1489
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1489.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1489
Upstream
Published
2023-08-12T11:05:39Z
Modified
2025-08-12T05:18:43.362605Z
Summary
qt5-qtbase security update
Details

Qt is a software toolkit for developing applications.

Security Fix(es):

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. (CVE-2023-24607)

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. (CVE-2023-32762)

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. (CVE-2023-32763)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP2 / qt5-qtbase

Package

Name
qt5-qtbase
Purl
pkg:rpm/openEuler/qt5-qtbase&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.2-7.oe2203sp2

Ecosystem specific

{
    "x86_64": [
        "qt5-qtbase-examples-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-devel-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-mysql-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-gui-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-static-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-odbc-5.15.2-7.oe2203sp2.x86_64.rpm",
        "qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.x86_64.rpm"
    ],
    "noarch": [
        "qt5-qtbase-common-5.15.2-7.oe2203sp2.noarch.rpm"
    ],
    "aarch64": [
        "qt5-qtbase-debuginfo-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-debugsource-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-private-devel-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-static-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-odbc-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-devel-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-examples-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-mysql-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-postgresql-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-gui-5.15.2-7.oe2203sp2.aarch64.rpm",
        "qt5-qtbase-5.15.2-7.oe2203sp2.aarch64.rpm"
    ],
    "src": [
        "qt5-qtbase-5.15.2-7.oe2203sp2.src.rpm"
    ]
}