
Security advisory: Qt SQL ODBC driver plugin


A possible denial of service (DoS) involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE ID CVE-2023-24607.

When the Qt SQL ODBC driver plugin is in use, a specifically crafted string can trigger a DoS. This happens on systems where the size of SQLTCHAR is equal to 4.

Solution: Apply the following patches or update to Qt 5.15.13, Qt 6.2.8, or Qt 6.4.3.

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/456007, https://codereview.qt-project.org/c/qt/qtbase/+/457235, https://codereview.qt-project.org/c/qt/qtbase/+/457083

Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/456215, https://codereview.qt-project.org/c/qt/qtbase/+/457658, https://codereview.qt-project.org/c/qt/qtbase/+/457936

Qt 6.4: https://codereview.qt-project.org/c/qt/qtbase/+/456216, https://codereview.qt-project.org/c/qt/qtbase/+/457637, https://codereview.qt-project.org/c/qt/qtbase/+/457937 or https://download.qt.io/official_releases/qt/6.4/CVE-2023-24607-qtbase-6.4.diff

Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457661, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457938 or https://download.qt.io/official_releases/qt/6.2/CVE-2023-24607-qtbase-6.2.diff

Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457662, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457959 or https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
