{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24607", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:03:18.644Z", "dateReserved": "2023-01-29T00:00:00", "datePublished": "2023-04-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T00:06:15.456739"}, "descriptions": [{"lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.qt.io/blog/tag/security"}, {"url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216"}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"}, {"url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"}, {"url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}, {"url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T15:11:26.446866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:28.108Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.644Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qt.io/blog/tag/security", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238", "tags": ["x_transferred"]}, {"url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff", "tags": ["x_transferred"]}, {"url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d", "tags": ["x_transferred"]}, {"url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.qt.io/blog/tag/security", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217", "tags": ["x_transferred"]}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238", "tags": ["x_transferred"]}, {"url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff", "tags": ["x_transferred"]}, {"url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d", "tags": ["x_transferred"]}, {"url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.644Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T15:11:26.446866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T15:13:09.574Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.qt.io/blog/tag/security"}, {"url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216"}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"}, {"url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"}, {"url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"}, {"url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}, {"url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html", "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-01T00:06:15.456739"}}}, "cveMetadata": {"cveId": "CVE-2023-24607", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:03:18.644Z", "dateReserved": "2023-01-29T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-04-15T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BC32FC-2B1F-4FD4-A368-DD37D7FCBA7E", "versionEndExcluding": "5.15.13", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "4911A94E-AA2F-4017-8702-0AF092FF809F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC66FEF-0D94-4464-B9F8-800A1F9424C0", "versionEndExcluding": "6.4.3", "versionStartIncluding": "6.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3."}], "id": "CVE-2023-24607", "lastModified": "2024-11-21T07:48:13.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-15T01:15:07.043", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.qt.io/blog/tag/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.qt.io/blog/tag/security"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "qt5: A possible DOS involving the Qt SQL ODBC driver plugin", "id": "2187154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187154"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-404", "details": ["Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3."], "name": "CVE-2023-24607", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "qt5", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "qt5", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-24607\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24607"], "statement": "This vulnerability is rated as moderate because it allows a remote attacker to cause a denial of service by exploiting the SQL ODBC driver pluginend, by sending a specially crafted string could crash the application, affecting availability but not compromising system security or integrity.", "threat_severity": "Moderate"}