CVE-2023-51714

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

Published: Dec 24, 2023
Updated: Jan 5, 2024
CVE: CVE-2023-51714
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
qt / qt	6.6.0	6.6.2
qt / qt	6.3.0	6.5.4
qt / qt	6.0.0	6.2.11
debian / debian_linux	10.0	10.0.x
qt / qt	5.7	5.15.17

https://codereview.qt-project.org/c/qt/qtbase/+/524864
https://codereview.qt-project.org/c/qt/qtbase/+/524865/3
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html

Vulnerability Database

CVE-2023-51714