Bugzilla – Bug 1214327
VUL-0: CVE-2023-37369: qt3,libqt5-qtbase,qt6-base,libqt4: buffer overflow in QXmlStreamReader
Last modified: 2024-01-03 16:10:06 UTC
CVE-2023-37369 A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-37369 When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash. https://www.qt.io/blog/security-advisory-qxmlstreamreader (fixed in qtbase-6.5.2) References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37369 https://bugzilla.redhat.com/show_bug.cgi?id=2232173
Created attachment 868834 [details] CVE-2023-37369-qtbase-5.15.diff
Created attachment 868835 [details] CVE-2023-37369-qtbase-6.2.diff
Created attachment 868836 [details] CVE-2023-37369-qtbase-6.5.diff
SUSE-SU-2023:4622-1: An update that solves six vulnerabilities can now be installed. Category: security (important) Bug References: 1196654, 1211298, 1211798, 1211994, 1213326, 1214327 CVE References: CVE-2021-45930, CVE-2023-32573, CVE-2023-32763, CVE-2023-34410, CVE-2023-37369, CVE-2023-38197 Sources used: SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Server 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libqt4-devel-doc-4.8.7-8.19.1, libqt4-4.8.7-8.19.1, libqt4-sql-plugins-4.8.7-8.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4951-1: An update that solves one vulnerability and contains one feature can now be installed. Category: security (moderate) Bug References: 1214327 CVE References: CVE-2023-37369 Jira References: PED-6193 Sources used: Basesystem Module 15-SP5 (src): libqt5-qtbase-5.15.8+kde185-150500.4.13.1 Desktop Applications Module 15-SP5 (src): libqt5-qtbase-5.15.8+kde185-150500.4.13.1 openSUSE Leap 15.5 (src): libqt5-qtbase-5.15.8+kde185-150500.4.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4950-1: An update that solves one vulnerability and contains one feature can now be installed. Category: security (moderate) Bug References: 1214327 CVE References: CVE-2023-37369 Jira References: PED-6193 Sources used: openSUSE Leap 15.4 (src): libqt5-qtbase-5.15.2+kde294-150400.6.10.1 Basesystem Module 15-SP4 (src): libqt5-qtbase-5.15.2+kde294-150400.6.10.1 Desktop Applications Module 15-SP4 (src): libqt5-qtbase-5.15.2+kde294-150400.6.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.