CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 7.1 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 27.3%)
A recently reported potential integer overflow issue in Qt’s HTTP2 implementation has been assigned the CVE id CVE-2023-51714.
An issue was discovered in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2.
If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow.
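The two thresholds above match the limits of 32-bit unsigned and signed integers. The following added example is not Qt source and is not taken from the patches; it assumes a 32-bit running total and a signed 32-bit per-pair limit to show the wraparound beside a checked form. The names `PairSize`, `totalUnchecked` and `totalChecked` are hypothetical, and sizes are passed as plain numbers so nothing large is allocated.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <utility>
#include <vector>

// Constructed illustration: (name bytes, value bytes) of one header pair.
typedef std::pair<std::uint64_t, std::uint64_t> PairSize;

// Unchecked form: the 32-bit running total silently wraps past 4 GiB.
std::uint32_t totalUnchecked(const std::vector<PairSize> &headers)
{
    std::uint32_t total = 0;
    for (std::size_t i = 0; i < headers.size(); ++i)
        total += static_cast<std::uint32_t>(headers[i].first + headers[i].second);
    return total;
}

// Checked form: refuse a pair above the signed 32-bit limit and a total above
// the unsigned 32-bit limit. Each test is written as a subtraction so the
// check itself cannot overflow.
bool totalChecked(const std::vector<PairSize> &headers, std::uint32_t *out)
{
    const std::uint64_t pairLimit = std::numeric_limits<std::int32_t>::max();
    const std::uint64_t totalLimit = std::numeric_limits<std::uint32_t>::max();
    std::uint64_t total = 0;
    for (std::size_t i = 0; i < headers.size(); ++i) {
        const std::uint64_t name = headers[i].first;
        const std::uint64_t value = headers[i].second;
        if (name > pairLimit || value > pairLimit - name)
            return false;               // one header pair is too large
        if (name + value > totalLimit - total)
            return false;               // total header size is too large
        total += name + value;
    }
    *out = static_cast<std::uint32_t>(total);
    return true;
}

int main()
{
    // Constructed input: three pairs of 1.5 GiB each, 4.5 GiB in total.
    std::vector<PairSize> big(3, PairSize(1ull << 30, 1ull << 29));
    std::uint32_t checked = 0;
    std::cout << "unchecked total: " << totalUnchecked(big) << "\n";
    std::cout << "checked accepts: " << totalChecked(big, &checked) << "\n";
    return 0;
}
```

A buffer sized from the unchecked total would be far smaller than the data that is then written into it, which is why the checked form rejects the input instead of truncating.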
Solution: Apply the following two patches or update to Qt 5.15.17, Qt 6.2.11, 6.5.4 or 6.6.2.
Patches:
dev: <https://codereview.qt-project.org/c/qt/qtbase/+/524864> and <https://codereview.qt-project.org/c/qt/qtbase/+/524865>
Qt 6.6: <https://codereview.qt-project.org/c/qt/qtbase/+/525295> and <https://codereview.qt-project.org/c/qt/qtbase/+/525297/3> or <https://download.qt.io/official_releases/qt/6.6/0001-CVE-2023-51714-qtbase-6.6.diff> and <https://download.qt.io/official_releases/qt/6.6/0002-CVE-2023-51714-qtbase-6.6.diff>
Qt 6.5: <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525624> and <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525625/1> or <https://download.qt.io/official_releases/qt/6.5/0001-CVE-2023-51714-qtbase-6.5.diff> and <https://download.qt.io/official_releases/qt/6.5/0002-CVE-2023-51714-qtbase-6.5.diff>
Qt 6.2: <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525709> and <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525710> or <https://download.qt.io/official_releases/qt/6.2/0001-CVE-2023-51714-qtbase-6.2.diff> and <https://download.qt.io/official_releases/qt/6.2/0002-CVE-2023-51714-qtbase-6.2.diff>
Qt 5.15: <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525874> and <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/525875> or <https://download.qt.io/official_releases/qt/5.15/0001-CVE-2023-51714-qtbase-5.15.diff> and <https://download.qt.io/official_releases/qt/5.15/0002-CVE-2023-51714-qtbase-5.15.diff>