CVE-2023-37369
First published: Sun Aug 20 2023(Updated: )
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qt Qt | <5.15.15 | |
| Qt Qt | >=6.0.0<6.2.9 | |
| Qt Qt | >=6.3.0<6.5.2 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugreports.qt.io/browse/QTBUG-114829
- https://codereview.qt-project.org/c/qt/qtbase/+/455027
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
Frequently Asked Questions
What is the severity of CVE-2023-37369?
The severity of CVE-2023-37369 is high with a severity value of 7.5.
What is the affected software for CVE-2023-37369?
The affected software for CVE-2023-37369 includes Qt versions before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.
How can CVE-2023-37369 be exploited?
CVE-2023-37369 can be exploited by crafting a malicious XML string that triggers a situation where a prefix is greater than a length.
Is there a fix available for CVE-2023-37369?
Yes, a fix is available for CVE-2023-37369. It is recommended to update to Qt version 5.15.15, 6.2.9, or 6.5.2.
Where can I find more information about CVE-2023-37369?
More information about CVE-2023-37369 can be found in the following references: [Link 1](https://bugreports.qt.io/browse/QTBUG-114829), [Link 2](https://codereview.qt-project.org/c/qt/qtbase/+/455027), [Link 3](https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html).
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/qt
- canonical/qt qt
- version/qt qt/6.0.0
- version/qt qt/6.3.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0