Vulnerability Description
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qt | Qt | < 5.15.15 |
| Debian | Debian Linux | 10.0 |
References
- https://bugreports.qt.io/browse/QTBUG-114829Exploit
- https://codereview.qt-project.org/c/qt/qtbase/+/455027Patch
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://bugreports.qt.io/browse/QTBUG-114829Exploit
- https://codereview.qt-project.org/c/qt/qtbase/+/455027Patch
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2023-37369?
CVE-2023-37369 is a vulnerability with a CVSS score of 7.5 (HIGH). In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix...
How severe is CVE-2023-37369?
CVE-2023-37369 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37369?
Check the references section above for vendor advisories and patch information. Affected products include: Qt Qt, Debian Debian Linux.