CVSS3: 7.5 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

AI Score: 7.6 High (Confidence: High)

CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.001 Low (Percentile: 25.8%)

A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE ID CVE-2023-37369.
When given specifically crafted data, QXmlStreamReader can end up causing a buffer overflow and subsequently a crash.
Solution: Validate any XML passed to QXmlStreamReader that is not already trusted. Alternatively, apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, or Qt 6.5.2.
Patches:
dev: <https://codereview.qt-project.org/c/qt/qtbase/+/455027>
Qt 6.5: <https://codereview.qt-project.org/c/qt/qtbase/+/488206> or <https://download.qt.io/official_releases/qt/6.5/CVE-2023-37369-qtbase-6.5.diff>
Qt 6.2: <https://download.qt.io/official_releases/qt/6.2/CVE-2023-37369-qtbase-6.2.diff>
Qt 5.15: <https://download.qt.io/official_releases/qt/5.15/CVE-2023-37369-qtbase-5.15.diff>