UBUNTU-CVE-2023-38197

Source
https://ubuntu.com/security/CVE-2023-38197
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-38197.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-38197
Related
Published
2023-07-13T02:15:00Z
Modified
2024-11-20T12:23:09Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

References

Affected packages

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9
5.5.1+dfsg-6ubuntu4
5.5.1+dfsg-10ubuntu2
5.5.1+dfsg-13ubuntu1
5.5.1+dfsg-13ubuntu2
5.5.1+dfsg-13ubuntu3
5.5.1+dfsg-14ubuntu1
5.5.1+dfsg-14ubuntu2
5.5.1+dfsg-14ubuntu3
5.5.1+dfsg-15ubuntu1
5.5.1+dfsg-16ubuntu1
5.5.1+dfsg-16ubuntu6
5.5.1+dfsg-16ubuntu7
5.5.1+dfsg-16ubuntu7.1
5.5.1+dfsg-16ubuntu7.2
5.5.1+dfsg-16ubuntu7.5
5.5.1+dfsg-16ubuntu7.6
5.5.1+dfsg-16ubuntu7.7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-10ubuntu1
5.9.1+dfsg-10ubuntu2
5.9.2+dfsg-4ubuntu6
5.9.3+dfsg-0ubuntu1
5.9.3+dfsg-0ubuntu3
5.9.3+dfsg-0ubuntu4
5.9.4+dfsg-0ubuntu3
5.9.4+dfsg-0ubuntu4
5.9.5+dfsg-0ubuntu1
5.9.5+dfsg-0ubuntu2
5.9.5+dfsg-0ubuntu2.1
5.9.5+dfsg-0ubuntu2.3
5.9.5+dfsg-0ubuntu2.4
5.9.5+dfsg-0ubuntu2.5
5.9.5+dfsg-0ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-4ubuntu1
5.12.5+dfsg-2
5.12.5+dfsg-8
5.12.5+dfsg-8build1
5.12.5+dfsg-9build1
5.12.8+dfsg-0ubuntu1
5.12.8+dfsg-0ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.2+dfsg-5ubuntu1
6.2.2+dfsg-6ubuntu1
6.2.2+dfsg-6ubuntu2
6.2.4+dfsg-1ubuntu1
6.2.4+dfsg-2ubuntu1
6.2.4+dfsg-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-12
5.15.2+dfsg-13
5.15.2+dfsg-14
5.15.2+dfsg-14ubuntu1
5.15.2+dfsg-14ubuntu3
5.15.2+dfsg-15
5.15.3+dfsg-1
5.15.3+dfsg-2
5.15.3+dfsg-2ubuntu0.1
5.15.3+dfsg-2ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-21.1build5
6.6.2+dfsg-7
6.6.2+dfsg-8
6.6.2+dfsg-9
6.6.2+dfsg-10
6.6.2+dfsg-11
6.6.2+dfsg-12

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1ubuntu1
5.15.13+dfsg-4ubuntu1
5.15.15+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-18
6.4.2+dfsg-19
6.4.2+dfsg-19build1
6.4.2+dfsg-20
6.4.2+dfsg-21
6.4.2+dfsg-21.1build4
6.4.2+dfsg-21.1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-3
5.15.10+dfsg-5
5.15.10+dfsg-5ubuntu1
5.15.12+dfsg-1ubuntu1
5.15.12+dfsg-3ubuntu1
5.15.12+dfsg-3ubuntu6
5.15.12+dfsg-3ubuntu7
5.15.13+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}