Unrated severityNVD Advisory· Published Jul 13, 2023· Updated Aug 2, 2024
CVE-2023-38197
CVE-2023-38197
Description
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Affected products
57- osv-coords57 versionspkg:rpm/almalinux/qt5pkg:rpm/almalinux/qt5-develpkg:rpm/almalinux/qt5-qtbasepkg:rpm/almalinux/qt5-qtbase-commonpkg:rpm/almalinux/qt5-qtbase-develpkg:rpm/almalinux/qt5-qtbase-examplespkg:rpm/almalinux/qt5-qtbase-guipkg:rpm/almalinux/qt5-qtbase-mysqlpkg:rpm/almalinux/qt5-qtbase-odbcpkg:rpm/almalinux/qt5-qtbase-postgresqlpkg:rpm/almalinux/qt5-qtbase-private-develpkg:rpm/almalinux/qt5-qtbase-staticpkg:rpm/almalinux/qt5-rpm-macrospkg:rpm/almalinux/qt5-srpm-macrospkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 5.15.9-1.el9+ 56 more
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.11+kde138-2.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.5.2-1.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.6.2-6.36.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlmitremailing-list
- codereview.qt-project.org/c/qt/qtbase/+/488960mitre
News mentions
0No linked articles in our index yet.