PT-2023-8114 · Qt Company+11 · Qt+11
Published: 2023-12-13 · Updated: 2026-03-05
CVE-2023-51714
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 5.15.17
Qt versions 6.x prior to 6.2.11
Qt versions 6.3.x through 6.5.x prior to 6.5.4
Qt versions 6.6.x prior to 6.6.2
Description
An issue was discovered in the HTTP2 implementation in Qt, related to an incorrect HPack integer overflow check in the network/access/http2/hpacktable.cpp file. This issue can cause an integer overflow when receiving more than 4 GB of total HTTP header data or 2 GB for a single header, potentially allowing an attacker to write data beyond the allocated buffer, leading to a denial of service.
Recommendations
For Qt versions prior to 5.15.17, update to version 5.15.17 or later.
For Qt versions 6.x prior to 6.2.11, update to version 6.2.11 or later.
For Qt versions 6.3.x through 6.5.x prior to 6.5.4, update to version 6.5.4 or later.
For Qt versions 6.6.x prior to 6.6.2, update to version 6.6.2 or later.
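The class of bug named in the description, as an added example that is not Qt's code: an HPACK entry size (RFC 7541 section 4.1: name length + value length + 32) computed with a limit check that runs after the sum has already wrapped, next to a check that tests the headroom before adding. All function names and sample lengths here are hypothetical and constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// RFC 7541 section 4.1: entry size = name length + value length + 32 octets.
constexpr std::uint32_t kOverhead = 32;
constexpr std::uint32_t kMax = std::numeric_limits<std::uint32_t>::max();

// Flawed pattern (illustrative, not Qt's code): the lengths are added and
// truncated to 32 bits first, so the limit check sees an already-wrapped sum.
bool entry_size_flawed(std::uint64_t name_len, std::uint64_t value_len,
                       std::uint32_t &out)
{
    const std::uint32_t sum = static_cast<std::uint32_t>(name_len + value_len);
    if (kMax - kOverhead < sum)
        return false;
    out = sum + kOverhead;
    return true;
}

// Hardened: compare each operand against the remaining headroom before adding.
bool entry_size_checked(std::uint64_t name_len, std::uint64_t value_len,
                        std::uint32_t &out)
{
    const std::uint64_t room = kMax - kOverhead;   // largest allowed name + value
    if (name_len > room || value_len > room - name_len)
        return false;
    out = static_cast<std::uint32_t>(name_len + value_len) + kOverhead;
    return true;
}

// Running total of a header list, with the same headroom check.
bool add_to_total(std::uint32_t &total, std::uint32_t entry)
{
    if (entry > kMax - total)
        return false;
    total += entry;
    return true;
}

int main()
{
    const std::uint64_t two_gib = 0x80000000ULL;   // constructed sample lengths
    std::uint32_t flawed = 0, checked = 0;
    const bool f = entry_size_flawed(two_gib, two_gib, flawed);
    const bool c = entry_size_checked(two_gib, two_gib, checked);
    std::printf("flawed: accepted=%d size=%u\n", f, flawed);
    std::printf("checked: accepted=%d\n", c);
}
```

The flawed variant reports a 4 GiB entry as 32 bytes, which is the kind of undersized bookkeeping that lets later writes run past an allocation; the checked variant rejects the entry instead.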
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Qt
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu