[Development] [Announce] Security advisory: Qt SQL ODBC driver plugin

List for announcements regarding Qt releases and development via Announce announce at qt-project.org
Wed Feb 8 13:00:47 CET 2023


Hi,

A possible DOS involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE id CVE-2023-24607.
When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string. This happens on systems where the size of SQLTCHAR is equal to 4.

Solution: Apply the following patches or update to Qt 5.15.13, Qt 6.2.8, Qt 6.4.3

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/456007, https://codereview.qt-project.org/c/qt/qtbase/+/457235, https://codereview.qt-project.org/c/qt/qtbase/+/457083
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/456215, https://codereview.qt-project.org/c/qt/qtbase/+/457658, https://codereview.qt-project.org/c/qt/qtbase/+/457936
Qt 6.4: https://codereview.qt-project.org/c/qt/qtbase/+/456216, https://codereview.qt-project.org/c/qt/qtbase/+/457637, https://codereview.qt-project.org/c/qt/qtbase/+/457937 or https://download.qt.io/official_releases/qt/6.4/CVE-2023-24607-qtbase-6.4.diff
Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457661, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457938 or https://download.qt.io/official_releases/qt/6.2/CVE-2023-24607-qtbase-6.2.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457662, https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/457959 or https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff

Kind regards,
Andy
--
Andy Shaw
Director, Technical Customer Success 
The Qt Company

_______________________________________________
Announce mailing list
Announce at qt-project.org
https://lists.qt-project.org/listinfo/announce


More information about the Development mailing list