vulnrichment / Mitre / VULNRICHMENT:CVE-2023-38197
History: Jul 13, 2023 - 12:00 a.m.

CVE-2023-38197

2023-07-13 00:00:00
mitre
github.com
5
qt
version 5.15.15
version 6.x
version 6.3.x
infinite loops
recursive entity expansion

AI Score: 6.7
Confidence: Low

EPSS: 0.002
Percentile: 54.5%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*"
    ],
    "vendor": "qt",
    "product": "qt",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.15.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:qt:qt:6.3.0:-:*:*:*:*:*:*"
    ],
    "vendor": "qt",
    "product": "qt",
    "versions": [
      {
        "status": "affected",
        "version": "6.3.0",
        "lessThan": "6.5.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
    ],
    "vendor": "fedoraproject",
    "product": "fedora",
    "versions": [
      {
        "status": "affected",
        "version": "38"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"
    ],
    "vendor": "fedoraproject",
    "product": "fedora",
    "versions": [
      {
        "status": "affected",
        "version": "37"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:qt:qt:6.0.0:*:*:*:*:*:*:*"
    ],
    "vendor": "qt",
    "product": "qt",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThan": "6.2.10",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
