Vulnerability Description
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 10.0 |
| Qt | Qt | >= 5.7, < 5.15.17 |
Related Weaknesses (CWE)
References
- https://codereview.qt-project.org/c/qt/qtbase/+/524864PatchProduct
- https://codereview.qt-project.org/c/qt/qtbase/+/524865/3PatchProduct
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlMailing ListThird Party Advisory
- https://codereview.qt-project.org/c/qt/qtbase/+/524864PatchProduct
- https://codereview.qt-project.org/c/qt/qtbase/+/524865/3PatchProduct
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2023-51714?
CVE-2023-51714 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorr...
How severe is CVE-2023-51714?
CVE-2023-51714 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-51714?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Qt Qt.