PT-2023-8114 · Qt Company+11 · Qt+11
Published: 2023-12-13 · Updated: 2026-03-05
CVE-2023-51714
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 5.15.17
Qt versions 6.x prior to 6.2.11
Qt versions 6.3.x through 6.5.x prior to 6.5.4
Qt versions 6.6.x prior to 6.6.2
Description
An issue was discovered in the HTTP2 implementation in Qt, related to an incorrect HPack integer overflow check in the network/access/http2/hpacktable.cpp file. This issue can cause an integer overflow when receiving more than 4 GB of total HTTP header data or 2 GB for a single header, potentially allowing an attacker to write data beyond the allocated buffer, leading to a denial of service.
Recommendations
For Qt versions prior to 5.15.17, update to version 5.15.17 or later.
For Qt versions 6.x prior to 6.2.11, update to version 6.2.11 or later.
For Qt versions 6.3.x through 6.5.x prior to 6.5.4, update to version 6.5.4 or later.
For Qt versions 6.6.x prior to 6.6.2, update to version 6.6.2 or later.
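The class of bug named in the Description, shown as an added illustration that is not Qt's hpacktable.cpp code: a size check done after the sum has already been narrowed to 32 bits, beside a checked form. The function names and sample lengths are constructed for this example; the 32-octet per-entry overhead is the HPACK entry size rule from RFC 7541, section 4.1.

```cpp
#include <cstdint>

// HPACK entry size per RFC 7541, section 4.1: name length + value length + 32.
static const std::uint32_t kEntryOverhead = 32;

// Flawed pattern (constructed): the sum is narrowed to 32 bits before the
// range check, so a wrapped value looks small and passes.
bool entry_size_truncating(std::uint64_t name_len, std::uint64_t value_len,
                           std::uint32_t *out)
{
    const std::uint32_t sum = static_cast<std::uint32_t>(name_len + value_len);
    if (UINT32_MAX - kEntryOverhead < sum)
        return false;
    *out = sum + kEntryOverhead;
    return true;
}

// Checked form: validate in the wide type first, narrow only afterwards.
bool entry_size_checked(std::uint64_t name_len, std::uint64_t value_len,
                        std::uint32_t *out)
{
    if (name_len > UINT64_MAX - value_len)
        return false;                       // 64-bit addition would wrap
    const std::uint64_t sum = name_len + value_len;
    if (sum > UINT32_MAX - kEntryOverhead)
        return false;                       // result would not fit in 32 bits
    *out = static_cast<std::uint32_t>(sum) + kEntryOverhead;
    return true;
}

// Running total across a header list, rejecting before the counter can wrap.
bool add_to_total(std::uint32_t *total, std::uint32_t entry)
{
    if (entry > UINT32_MAX - *total)
        return false;
    *total += entry;
    return true;
}

int main()
{
    std::uint32_t size = 0;
    // Constructed lengths: just over 4 GiB combined.
    const std::uint64_t name_len = 0x80000000ULL, value_len = 0x80000010ULL;
    bool flawed = entry_size_truncating(name_len, value_len, &size); // accepted
    bool fixed = entry_size_checked(name_len, value_len, &size);     // rejected
    return (flawed && !fixed) ? 0 : 1;
}
```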
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Qt
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu