Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-37369

Date: August 19, 2023

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

Language: C++

Severity Score

Related Resources (13)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/
https://bugreports.qt.io/browse/QTBUG-114829
https://nvd.nist.gov/vuln/detail/CVE-2023-37369
https://codereview.qt-project.org/c/qt/qtbase/+/455027
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://security-tracker.debian.org/tracker/CVE-2023-37369
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/
https://www.qt.io/blog/security-advisory-qxmlstreamreader
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://github.com/qt/qtbase/commit/6326bec46a618c72feba4a2bb994c4d475050aed
https://www.mend.io/vulnerability-database/CVE-2023-37369

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us