Unrated severityNVD Advisory· Published May 22, 2023· Updated Jan 21, 2025

CVE-2023-33285

Description

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

Affected products

Qt/Qtdescription
osv-coords43 versions
pkg:rpm/almalinux/qt5 pkg:rpm/almalinux/qt5-devel pkg:rpm/almalinux/qt5-qtbase pkg:rpm/almalinux/qt5-qtbase-common pkg:rpm/almalinux/qt5-qtbase-devel pkg:rpm/almalinux/qt5-qtbase-examples pkg:rpm/almalinux/qt5-qtbase-gui pkg:rpm/almalinux/qt5-qtbase-mysql pkg:rpm/almalinux/qt5-qtbase-odbc pkg:rpm/almalinux/qt5-qtbase-postgresql pkg:rpm/almalinux/qt5-qtbase-private-devel pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/almalinux/qt5-rpm-macros pkg:rpm/almalinux/qt5-srpm-macros pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 5.15.9-1.el9+ 42 more
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.10+kde129-1.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.6.0-3.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlmitremailing-list
codereview.qt-project.org/c/qt/qtbase/+/477644mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000