Application Crash Vulnerability in Qt Framework by The Qt Company
CVE-2023-37369

7.5HIGH

Key Information:

Vendor

Qt

Status
Qt
Vendor
CVE Published:
20 August 2023

What is CVE-2023-37369?

A vulnerability in the Qt framework allows for potential application crashes when handling crafted XML strings. This occurs in QXmlStreamReader when an incorrectly formatted prefix exceeds the expected length. The issue affects various versions of Qt up to 6.5.1. Applications utilizing affected versions should be updated to ensure stability and prevent potential disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugreports.qt.io/browse/QTBUG-114829
https://codereview.qt-project.org/c/qt/qtbase/+/455027
https://lists.debian.org/debian-lts-announce/2023/08/msg0...
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.