Unrated severityNVD Advisory· Published Aug 20, 2023· Updated Aug 2, 2024

CVE-2023-37369

Description

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

Affected products

Qt/Qtdescription
osv-coords43 versions
pkg:rpm/almalinux/qt5 pkg:rpm/almalinux/qt5-devel pkg:rpm/almalinux/qt5-qtbase pkg:rpm/almalinux/qt5-qtbase-common pkg:rpm/almalinux/qt5-qtbase-devel pkg:rpm/almalinux/qt5-qtbase-examples pkg:rpm/almalinux/qt5-qtbase-gui pkg:rpm/almalinux/qt5-qtbase-mysql pkg:rpm/almalinux/qt5-qtbase-odbc pkg:rpm/almalinux/qt5-qtbase-postgresql pkg:rpm/almalinux/qt5-qtbase-private-devel pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/almalinux/qt5-rpm-macros pkg:rpm/almalinux/qt5-srpm-macros pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweed pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 5.15.9-1.el9+ 42 more
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.2+kde294-150400.6.10.1
- (no CPE)range: < 5.15.8+kde185-150500.4.13.1
- (no CPE)range: < 5.15.11+kde138-3.1
- (no CPE)range: < 6.5.2-2.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.15.2+kde294-150400.6.10.1
- (no CPE)range: < 5.15.8+kde185-150500.4.13.1
- (no CPE)range: < 5.15.2+kde294-150400.6.10.1
- (no CPE)range: < 5.15.8+kde185-150500.4.13.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlmitremailing-list
bugreports.qt.io/browse/QTBUG-114829mitre
codereview.qt-project.org/c/qt/qtbase/+/455027mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000