CVE-2023-24607 Information

Description

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13 6.x before 6.2.8 and 6.3.x before 6.4.3.

Reference

https://codereview.qt-project.org/c/qt/qtbase/+/456216 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https://www.qt.io/blog/tag/security https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff