Security advisory: Qt SQL ODBC driver plugin

February 08, 2023 by Andy Shaw | Comments

A possible DOS involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE id CVE-2023-24607.

When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string. This happens on systems where the size of SQLTCHAR is equal to 4.

Solution: Apply the following patches or update to Qt 5.15.13, Qt 6.2.8, Qt 6.4.3

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/456007, https://codereview.qt-project.org/c/qt/qtbase/+/457235, https://codereview.qt-project.org/c/qt/qtbase/+/457083

Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/456215, https://codereview.qt-project.org/c/qt/qtbase/+/457658, https://codereview.qt-project.org/c/qt/qtbase/+/457936

Qt 6.4: https://codereview.qt-project.org/c/qt/qtbase/+/456216, https://codereview.qt-project.org/c/qt/qtbase/+/457637, https://codereview.qt-project.org/c/qt/qtbase/+/457937 or https://download.qt.io/official_releases/qt/6.4/CVE-2023-24607-qtbase-6.4.diff

Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457661, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457938 or https://download.qt.io/official_releases/qt/6.2/CVE-2023-24607-qtbase-6.2.diff

Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457662, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457959 or https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff

Development Framework & Tools

Qt Framework

Qt Development Tools

Qt Design Studio

Qt Quality Assurance

Qt Digital Ads

Qt Insight

Quality Assurance Tools

Squish

Coco

Test Center

Axivion Static Code Analysis

Axivion Architecture Verification

More

Qt 6

Licensing

Qt Features

Qt for Python

Industry & Platform Solutions

Industry

Automotive

Micro-Mobility Interfaces

Consumer Electronics

Industrial Automation

Medical Devices

Platform

Desktop, Mobile & Web

Embedded Devices

MCU (Microcontrollers)

Cloud Solutions

More

Next-Gen UX

Limitless Scalability

Productivity

Our Ultimate Collection of Resources

Development Framework & Tools

Qt Resource Center

Qt Blog

Qt Success Stories

Qt Demos

Quality Assurance Tools

QA Resources

QA Blog

QA Success Stories

More

Live Events & Webinars

Documentation

Take Learning Qt to the Next Level

Learn with us

Qt Academy

Qt Educational License

Qt Documentation

Qt Forum

We're Here for You—Support and Services

Helpful Links

Contact Us

Qt Partners

Qt Support

Qt Customer Portal

Qt Customer Success

Qt Professional Services

Security advisory: Qt SQL ODBC driver plugin

Comments

Subscribe to our newsletter

Subscribe Newsletter

Try Qt 6.7 Now!

We're Hiring

Read Next