Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:SUSE-SU-2024:2890-1
HistoryAug 13, 2024 - 9:38 a.m.

Security update for libqt5-qtbase

2024-08-1309:38:11
Google
osv.dev
1
cve-2023-51714
integer overflow check
cve-2024-39936
information leakage
http2 communication
cve-2023-45935
null pointer dereference
qxcbconnection::initializeallatoms()
x server anomalous behavior
odbc driver regression fix
potential overflow fix
assemble_hpack_block

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

JSON

This update for libqt5-qtbase fixes the following issues:

  • CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).
  • CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)
  • CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)

Other fixes:

  • Add patch from upstream to fix a regression in the ODBC driver (bsc#1227513, QTBUG-112375)
  • Add upstream patch to fix a potential overflow in assemble_hpack_block()

Related

nessus 41
openvas 7
osv 19
nvd 3
qt 2
redos 1
ubuntucve 3
cve 3
debiancve 3
f5 1
cvelist 3
cbl_mariner 4
redhatcve 2
alpinelinux 1
rocky 2
almalinux 4
fedora 4
vulnrichment 2
prion 1
redhat 14
oraclelinux 5
amazon 1
freebsd 1
gentoo 1
debian 1
ibm 2
nessus
nessus
SUSE SLES15 Security Update : libqt5-qtbase (SUSE-SU-2024:2890-1)
2024-08-14 00:00:00
SUSE SLES15 Security Update : libqt5-qtbase (SUSE-SU-2024:2946-1)
2024-08-17 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libqt5-qtbase (SUSE-SU-2024:2882-1)
2024-08-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2890-1)
2024-08-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2946-1)
2024-08-19 00:00:00
Fedora: Security Advisory (FEDORA-2024-c37b7a4e71)
2024-08-08 00:00:00
osv
osv
Security update for libqt5-qtbase
2024-08-16 11:09:20
Security update for libqt5-qtbase
2024-08-12 15:40:48
Security update for libqt5-qtbase
2024-08-12 15:41:26
nvd
nvd
CVE-2023-45935
2024-03-27 05:15:47
CVE-2023-51714
2023-12-24 21:15:25
CVE-2024-39936
2024-07-04 21:15:10
qt
qt
Security advisory: Potential Integer Overflow in Qt's HTTP2 implementation
2024-01-02 00:00:00
Security advisory: Recently discovered HTTP2 handling issue impacts Qt
2024-07-17 00:00:00
redos
redos
ROS-20240606-09
2024-06-06 00:00:00
ubuntucve
ubuntucve
CVE-2023-45935
2024-03-27 00:00:00
CVE-2023-51714
2023-12-24 00:00:00
CVE-2024-39936
2024-07-04 00:00:00
cve
cve
CVE-2023-45935
2024-03-27 05:15:47
CVE-2023-51714
2023-12-24 21:15:25
CVE-2024-39936
2024-07-04 21:15:10
debiancve
debiancve
CVE-2023-45935
2024-03-27 05:15:47
CVE-2023-51714
2023-12-24 21:15:25
CVE-2024-39936
2024-07-04 21:15:10
f5
f5
K000140696: Qt vulnerability CVE-2023-51714
2024-08-13 00:00:00
cvelist
cvelist
CVE-2023-51714
2023-12-24 00:00:00
CVE-2024-39936
2024-07-04 00:00:00
CVE-2023-45935
2024-03-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-51714 affecting package qtbase for versions less than 6.6.2-1
2024-06-21 09:32:44
CVE-2023-51714 affecting package qt5-qtbase for versions less than 5.12.11-10
2024-01-19 03:54:24
CVE-2024-39936 affecting package qtbase for versions less than 6.6.2-1
2024-07-24 00:12:29
redhatcve
redhatcve
CVE-2023-51714
2023-12-25 21:01:32
CVE-2024-39936
2024-07-05 02:49:34
alpinelinux
alpinelinux
CVE-2024-39936
2024-07-04 21:15:10
rocky
rocky
qt5-qtbase security update
2024-07-26 12:33:55
qt5-qtbase security update
2024-07-26 12:33:00
almalinux
almalinux
Important: qt5-qtbase security update
2024-07-18 00:00:00
Important: qt5-qtbase security update
2024-07-18 00:00:00
Moderate: qt5-qtbase security update
2024-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: mingw-qt5-qtbase-5.15.14-4.fc40
2024-08-08 02:47:48
[SECURITY] Fedora 40 Update: qt6-qtbase-6.7.2-3.fc40
2024-07-11 01:16:15
[SECURITY] Fedora 39 Update: qt6-qtbase-6.6.2-2.fc39
2024-07-19 02:21:59
vulnrichment
vulnrichment
CVE-2023-45935
2024-03-27 00:00:00
CVE-2024-39936
2024-07-04 00:00:00
prion
prion
Integer overflow
2023-12-24 21:15:00
redhat
redhat
(RHSA-2024:4646) Important: qt5-qtbase security update
2024-07-18 15:18:17
(RHSA-2024:4623) Important: qt5-qtbase security update
2024-07-18 13:02:55
(RHSA-2024:4617) Important: qt5-qtbase security update
2024-07-18 12:54:10
oraclelinux
oraclelinux
qt5-qtbase security update
2024-09-09 00:00:00
qt5-qtbase security update
2024-07-18 00:00:00
qt5-qtbase security update
2024-07-18 00:00:00
amazon
amazon
Medium: qt5-qtbase
2024-01-19 01:51:00
freebsd
freebsd
QtNetwork -- potential buffer overflow
2023-12-14 00:00:00
gentoo
gentoo
QtNetwork: Multiple Vulnerabilities
2024-02-18 00:00:00
debian
debian
[SECURITY] [DLA 3805-1] qtbase-opensource-src security update
2024-04-30 22:47:38
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-07-31 19:41:25
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

JSON
Related for OSV:SUSE-SU-2024:2890-1
nessus41openvas7osv19nvd3qt2redos1ubuntucve3cve3debiancve3f51cvelist3cbl_mariner4redhatcve2alpinelinux1rocky2almalinux4fedora4vulnrichment2prion1redhat14oraclelinux5amazon1freebsd1gentoo1debian1ibm2