PT-2023-2558 · Qt Company+5 · Qt+5

Andy Shaw

Published

2023-02-20

Updated

2025-09-28

CVE-2023-24607

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Qt versions 5.x through 5.15.12 Qt versions 6.x through 6.2.7 Qt versions 6.3.x through 6.4.2

Description The issue is related to the incorrect cleanup or release of resources in the SQL ODBC plugin of the Qt framework. This can be exploited by a remote attacker to cause a denial of service using specially crafted data. The vulnerability is triggered when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4.

Recommendations For Qt versions 5.x through 5.15.12, update to version 5.15.13 or later. For Qt versions 6.x through 6.2.7, update to version 6.2.8 or later. For Qt versions 6.3.x through 6.4.2, update to version 6.4.3 or later.

Fix

RCE

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-404

Related Identifiers

ALT-PU-2023-1506

ALT-PU-2023-1574

ALT-PU-2023-7215

ALT-PU-2023-7216

ALT-PU-2023-7217

ALT-PU-2023-7218

ALT-PU-2023-7219

ALT-PU-2023-7220

ALT-PU-2023-7221

ALT-PU-2023-7222

ALT-PU-2023-7223

ALT-PU-2023-7224

ALT-PU-2023-7225

ALT-PU-2023-7226

ALT-PU-2023-7227

ALT-PU-2023-7228

ALT-PU-2023-7229

ALT-PU-2023-7230

ALT-PU-2023-7231

ALT-PU-2023-7232

ALT-PU-2023-7233

ALT-PU-2023-7234

ALT-PU-2023-7235

ALT-PU-2023-7236

ALT-PU-2023-7237

ALT-PU-2023-7645

ALT-PU-2024-1120

ALT-PU-2024-2801

ALT-PU-2024-6295

ALT-PU-2024-6297

ALT-PU-2024-6298

ALT-PU-2024-6299

ALT-PU-2024-6300

ALT-PU-2024-6301

ALT-PU-2024-6302

ALT-PU-2024-6303

ALT-PU-2024-6304

ALT-PU-2024-6305

ALT-PU-2024-6306

ALT-PU-2024-6307

ALT-PU-2024-6308

ALT-PU-2024-6309

ALT-PU-2024-6310

ALT-PU-2024-6311

ALT-PU-2024-6312

ALT-PU-2024-6313

ALT-PU-2024-6314

ALT-PU-2024-6315

ALT-PU-2024-6316

ALT-PU-2024-6317

ALT-PU-2024-6318

ALT-PU-2024-6319

ALT-PU-2024-6320

ALT-PU-2024-6321

ALT-PU-2024-6322

ALT-PU-2024-6323

ALT-PU-2024-6324

ALT-PU-2024-6325

ALT-PU-2024-6326

ALT-PU-2024-6327

ALT-PU-2024-6328

ALT-PU-2024-6329

ALT-PU-2024-6633

ALT-PU-2024-6635

ALT-PU-2024-6636

ALT-PU-2024-6637

ALT-PU-2024-6638

ALT-PU-2024-6639

ALT-PU-2024-6640

ALT-PU-2024-6641

ALT-PU-2024-6642

ALT-PU-2024-6643

ALT-PU-2024-6644

ALT-PU-2024-6645

ALT-PU-2024-6646

ALT-PU-2024-6647

ALT-PU-2024-6648

ALT-PU-2024-6649

ALT-PU-2024-6650

ALT-PU-2024-6651

ALT-PU-2024-6652

ALT-PU-2024-6653

ALT-PU-2024-6654

ALT-PU-2024-6655

ALT-PU-2024-6656

ALT-PU-2024-6657

ALT-PU-2024-6658

ALT-PU-2024-6659

ALT-PU-2024-6660

ALT-PU-2024-6661

ALT-PU-2024-6662

ALT-PU-2024-6663

ALT-PU-2024-6664

ALT-PU-2024-6665

ALT-PU-2024-6666

ALT-PU-2024-6667

AZL-26048

BDU:2023-02373

CVE-2023-24607

DLA-3805-1

MGASA-2023-0051

OESA-2023-1270

OESA-2023-1295

OESA-2023-1296

OESA-2023-1489

OESA-2023-1490

OPENSUSE-SU-2023_2982-1

OPENSUSE-SU-2023_3225-1

OPENSUSE-SU-2024:12673-1

OPENSUSE-SU-2024:12801-1

SUSE-SU-2023:1567-1

SUSE-SU-2023:2971-1

SUSE-SU-2023:2982-1

SUSE-SU-2023:3018-1

SUSE-SU-2023:3207-1

SUSE-SU-2023:3225-1

SUSE-SU-2023_2971-1

SUSE-SU-2023_2982-1

SUSE-SU-2023_3018-1

SUSE-SU-2023_3207-1

SUSE-SU-2023_3225-1

USN-7780-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

PT-2023-2558 · Qt Company+5 · Qt+5

CVE-2023-24607

Weakness Enumeration

Related Identifiers

Affected Products

References · 76