Security advisory: Qt SQL ODBC driver plugin
February 08, 2023 by Andy Shaw
A possible denial of service (DoS) involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE ID CVE-2023-24607.
When the Qt SQL ODBC driver plugin is in use, a specifically crafted string can trigger a DoS. This happens on systems where the size of SQLTCHAR is equal to 4.
Solution: Apply the following patches or update to Qt 5.15.13, Qt 6.2.8 or Qt 6.4.3.
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/456007, https://codereview.qt-project.org/c/qt/qtbase/+/457235, https://codereview.qt-project.org/c/qt/qtbase/+/457083
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/456215, https://codereview.qt-project.org/c/qt/qtbase/+/457658, https://codereview.qt-project.org/c/qt/qtbase/+/457936
Qt 6.4: https://codereview.qt-project.org/c/qt/qtbase/+/456216, https://codereview.qt-project.org/c/qt/qtbase/+/457637, https://codereview.qt-project.org/c/qt/qtbase/+/457937 or https://download.qt.io/official_releases/qt/6.4/CVE-2023-24607-qtbase-6.4.diff
Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457661, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457938 or https://download.qt.io/official_releases/qt/6.2/CVE-2023-24607-qtbase-6.2.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457662, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457959 or https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
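For triage across many hosts, the fixed releases above can be checked mechanically. The following is an added example, not code from the Qt project: the function names are hypothetical, the version comparison assumes a `sort` that supports `-V`, and it does not test the SQLTCHAR size condition, only the Qt version and whether the ODBC driver plugin is deployed.

```shell
#!/bin/sh
# Added triage example; not Qt project code.
# Fixed releases are the ones named in this advisory: 5.15.13, 6.2.8, 6.4.3.

# version_lt A B: succeeds when A sorts strictly before B (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# qt_cve_2023_24607_status VERSION prints one of:
#   fixed        - at or above the fixed release named for that release line
#   needs-update - in a listed release line but below its fixed release
#   unlisted     - the advisory names no fixed release for that line;
#                  review the linked patches by hand
qt_cve_2023_24607_status() {
    line=$(printf '%s' "$1" | cut -d. -f1,2)
    case "$line" in
        5.15) fixed=5.15.13 ;;
        6.2)  fixed=6.2.8 ;;
        6.4)  fixed=6.4.3 ;;
        *)    echo unlisted; return 0 ;;
    esac
    if version_lt "$1" "$fixed"; then
        echo needs-update
    else
        echo fixed
    fi
}

# odbc_plugin_present PLUGIN_DIR: succeeds when an ODBC SQL driver plugin
# (libqsqlodbc.so, qsqlodbc.dll, ...) is deployed under PLUGIN_DIR/sqldrivers.
odbc_plugin_present() {
    ls "$1"/sqldrivers/*qsqlodbc* >/dev/null 2>&1
}

# Usage on a host with the Qt tools installed:
#   qt_cve_2023_24607_status "$(qmake -query QT_VERSION)"
#   odbc_plugin_present "$(qmake -query QT_INSTALL_PLUGINS)" && echo "ODBC plugin deployed"
```

A host reporting `needs-update` with the plugin present is the case the Solution line addresses; applications that bundle their own Qt need the same check against the bundled plugin directory.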
Comments
I don't think Qt 6.4.3 exists yet.