vulnerability

Oracle Linux: CVE-2023-38197: ELSA-2023-6369: qt5 security and bug fix update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
07/12/2023
Added
11/16/2023
Modified
12/05/2024

Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition.

Solution(s)

oracle-linux-upgrade-adwaita-qt5oracle-linux-upgrade-libadwaita-qt5oracle-linux-upgrade-python3-pyqt5-siporacle-linux-upgrade-python3-qt5oracle-linux-upgrade-python3-qt5-baseoracle-linux-upgrade-python3-qt5-develoracle-linux-upgrade-python-qt5-rpm-macrosoracle-linux-upgrade-qgnomeplatformoracle-linux-upgrade-qt5oracle-linux-upgrade-qt5-assistantoracle-linux-upgrade-qt5-designeroracle-linux-upgrade-qt5-develoracle-linux-upgrade-qt5-doctoolsoracle-linux-upgrade-qt5-linguistoracle-linux-upgrade-qt5-qdbusvieweroracle-linux-upgrade-qt5-qt3doracle-linux-upgrade-qt5-qt3d-develoracle-linux-upgrade-qt5-qt3d-docoracle-linux-upgrade-qt5-qt3d-examplesoracle-linux-upgrade-qt5-qtbaseoracle-linux-upgrade-qt5-qtbase-commonoracle-linux-upgrade-qt5-qtbase-develoracle-linux-upgrade-qt5-qtbase-docoracle-linux-upgrade-qt5-qtbase-examplesoracle-linux-upgrade-qt5-qtbase-guioracle-linux-upgrade-qt5-qtbase-mysqloracle-linux-upgrade-qt5-qtbase-odbcoracle-linux-upgrade-qt5-qtbase-postgresqloracle-linux-upgrade-qt5-qtbase-private-develoracle-linux-upgrade-qt5-qtbase-staticoracle-linux-upgrade-qt5-qtconnectivityoracle-linux-upgrade-qt5-qtconnectivity-develoracle-linux-upgrade-qt5-qtconnectivity-docoracle-linux-upgrade-qt5-qtconnectivity-examplesoracle-linux-upgrade-qt5-qtdeclarativeoracle-linux-upgrade-qt5-qtdeclarative-develoracle-linux-upgrade-qt5-qtdeclarative-docoracle-linux-upgrade-qt5-qtdeclarative-examplesoracle-linux-upgrade-qt5-qtdeclarative-staticoracle-linux-upgrade-qt5-qtdocoracle-linux-upgrade-qt5-qtgraphicaleffectsoracle-linux-upgrade-qt5-qtgraphicaleffects-docoracle-linux-upgrade-qt5-qtimageformatsoracle-linux-upgrade-qt5-qtimageformats-docoracle-linux-upgrade-qt5-qtlocationoracle-linux-upgrade-qt5-qtlocation-develoracle-linux-upgrade-qt5-qtlocation-docoracle-linux-upgrade-qt5-qtlocation-examplesoracle-linux-upgrade-qt5-qtmultimediaoracle-linux-upgrade-qt5-qtmultimedia-develoracle-linux-upgrade-qt5-qtmultimedia-docoracle-linux-upgrade-qt5-qtmultimedia-examplesoracle-linux-upgrade-qt5-qtquickcontrolsoracle-linux-upgrade-qt5-qtquickcontrols2oracle-linux-upgrade-qt5-qtquickcontrols2-develoracle-linux-upgrade-qt5-qtquickcontrols2-docoracle-linux-upgrade-qt5-qtquickcontrols2-examplesoracle-linux-upgrade-qt5-qtquickcontrols-docoracle-linux-upgrade-qt5-qtquickcontrols-examplesoracle-linux-upgrade-qt5-qtscriptoracle-linux-upgrade-qt5-qtscript-develoracle-linux-upgrade-qt5-qtscript-docoracle-linux-upgrade-qt5-qtscript-examplesoracle-linux-upgrade-qt5-qtsensorsoracle-linux-upgrade-qt5-qtsensors-develoracle-linux-upgrade-qt5-qtsensors-docoracle-linux-upgrade-qt5-qtsensors-examplesoracle-linux-upgrade-qt5-qtserialbusoracle-linux-upgrade-qt5-qtserialbus-develoracle-linux-upgrade-qt5-qtserialbus-docoracle-linux-upgrade-qt5-qtserialbus-examplesoracle-linux-upgrade-qt5-qtserialportoracle-linux-upgrade-qt5-qtserialport-develoracle-linux-upgrade-qt5-qtserialport-docoracle-linux-upgrade-qt5-qtserialport-examplesoracle-linux-upgrade-qt5-qtsvgoracle-linux-upgrade-qt5-qtsvg-develoracle-linux-upgrade-qt5-qtsvg-docoracle-linux-upgrade-qt5-qtsvg-examplesoracle-linux-upgrade-qt5-qttoolsoracle-linux-upgrade-qt5-qttools-commonoracle-linux-upgrade-qt5-qttools-develoracle-linux-upgrade-qt5-qttools-docoracle-linux-upgrade-qt5-qttools-examplesoracle-linux-upgrade-qt5-qttools-libs-designeroracle-linux-upgrade-qt5-qttools-libs-designercomponentsoracle-linux-upgrade-qt5-qttools-libs-helporacle-linux-upgrade-qt5-qttools-staticoracle-linux-upgrade-qt5-qttranslationsoracle-linux-upgrade-qt5-qtwaylandoracle-linux-upgrade-qt5-qtwayland-develoracle-linux-upgrade-qt5-qtwayland-docoracle-linux-upgrade-qt5-qtwayland-examplesoracle-linux-upgrade-qt5-qtwebchanneloracle-linux-upgrade-qt5-qtwebchannel-develoracle-linux-upgrade-qt5-qtwebchannel-docoracle-linux-upgrade-qt5-qtwebchannel-examplesoracle-linux-upgrade-qt5-qtwebsocketsoracle-linux-upgrade-qt5-qtwebsockets-develoracle-linux-upgrade-qt5-qtwebsockets-docoracle-linux-upgrade-qt5-qtwebsockets-examplesoracle-linux-upgrade-qt5-qtx11extrasoracle-linux-upgrade-qt5-qtx11extras-develoracle-linux-upgrade-qt5-qtx11extras-docoracle-linux-upgrade-qt5-qtxmlpatternsoracle-linux-upgrade-qt5-qtxmlpatterns-develoracle-linux-upgrade-qt5-qtxmlpatterns-docoracle-linux-upgrade-qt5-qtxmlpatterns-examplesoracle-linux-upgrade-qt5-rpm-macrosoracle-linux-upgrade-qt5-srpm-macros

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today