Security advisory: Qt SQL ODBC driver plugin
February 08, 2023 by Andy Shaw
A possible denial of service (DoS) involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE ID CVE-2023-24607.
When the Qt SQL ODBC driver plugin is in use, a specially crafted string can trigger a DoS. This happens on systems where the size of SQLTCHAR is equal to 4.
Solution: Apply the following patches, or update to Qt 5.15.13, Qt 6.2.8 or Qt 6.4.3.
dev: https://codereview.qt-project.org/c/qt/qtbase/+/456007, https://codereview.qt-project.org/c/qt/qtbase/+/457235, https://codereview.qt-project.org/c/qt/qtbase/+/457083
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/456215, https://codereview.qt-project.org/c/qt/qtbase/+/457658, https://codereview.qt-project.org/c/qt/qtbase/+/457936
Qt 6.4: https://codereview.qt-project.org/c/qt/qtbase/+/456216, https://codereview.qt-project.org/c/qt/qtbase/+/457637, https://codereview.qt-project.org/c/qt/qtbase/+/457937 or https://download.qt.io/official_releases/qt/6.4/CVE-2023-24607-qtbase-6.4.diff
Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457661, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457938 or https://download.qt.io/official_releases/qt/6.2/CVE-2023-24607-qtbase-6.2.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457662, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457959 or https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff