Red Hat Enterprise Linux 9 update for the qt5 stack
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-32573 CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 |
| CWE-ID | CWE-369 CWE-125 CWE-295 CWE-119 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system qt5-qtxmlpatterns (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtx11extras (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtwebsockets (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtwebchannel (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtwayland (Red Hat package) Operating systems & Components / Operating system package or component qt5-qttranslations (Red Hat package) Operating systems & Components / Operating system package or component qt5-qttools (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtsvg (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtserialport (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtserialbus (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtsensors (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtscript (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtquickcontrols2 (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtquickcontrols (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtmultimedia (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtlocation (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtimageformats (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtgraphicaleffects (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtdoc (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtdeclarative (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtconnectivity (Red Hat package) Operating systems & Components / Operating system package or component qt5-qtbase (Red Hat package) Operating systems & Components / Operating system package or component qt5-qt3d (Red Hat package) Operating systems & Components / Operating system package or component qt5-doc (Red Hat package) Operating systems & Components / Operating system package or component qt5 (Red Hat package) Operating systems & Components / Operating system package or component qgnomeplatform (Red Hat package) Operating systems & Components / Operating system package or component python-qt5 (Red Hat package) Operating systems & Components / Operating system package or component python-pyqt5-sip (Red Hat package) Operating systems & Components / Operating system package or component adwaita-qt (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Division by zero
EUVDB-ID: #VU76665
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32573
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error in src/svg/qsvghandler.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
qt5-qtxmlpatterns (Red Hat package): before 5.15.9-2.el9
qt5-qtx11extras (Red Hat package): before 5.15.9-1.el9
qt5-qtwebsockets (Red Hat package): before 5.15.9-2.el9
qt5-qtwebchannel (Red Hat package): before 5.15.9-1.el9
qt5-qtwayland (Red Hat package): before 5.15.9-1.el9
qt5-qttranslations (Red Hat package): before 5.15.9-1.el9
qt5-qttools (Red Hat package): before 5.15.9-3.el9
qt5-qtsvg (Red Hat package): before 5.15.9-2.el9
qt5-qtserialport (Red Hat package): before 5.15.9-1.el9
qt5-qtserialbus (Red Hat package): before 5.15.9-1.el9
qt5-qtsensors (Red Hat package): before 5.15.9-1.el9
qt5-qtscript (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols2 (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols (Red Hat package): before 5.15.9-1.el9
qt5-qtmultimedia (Red Hat package): before 5.15.9-1.el9
qt5-qtlocation (Red Hat package): before 5.15.9-1.el9
qt5-qtimageformats (Red Hat package): before 5.15.9-1.el9
qt5-qtgraphicaleffects (Red Hat package): before 5.15.9-1.el9
qt5-qtdoc (Red Hat package): before 5.15.9-1.el9
qt5-qtdeclarative (Red Hat package): before 5.15.9-3.el9
qt5-qtconnectivity (Red Hat package): before 5.15.9-2.el9
qt5-qtbase (Red Hat package): before 5.15.9-7.el9
qt5-qt3d (Red Hat package): before 5.15.9-1.el9
qt5-doc (Red Hat package): before 5.15.9-1.el9
qt5 (Red Hat package): before 5.15.9-1.el9
qgnomeplatform (Red Hat package): before 0.9.0-1.el9
python-qt5 (Red Hat package): before 5.15.9-1.el9
python-pyqt5-sip (Red Hat package): before 12.11.1-1.el9
adwaita-qt (Red Hat package): before 1.4.2-1.el9
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:qt5-qtxmlpatterns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtx11extras_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebsockets_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebchannel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwayland_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttranslations_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttools_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsvg_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialport_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialbus_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsensors_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtscript_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols2_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtmultimedia_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtlocation_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtimageformats_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtgraphicaleffects_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdoc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdeclarative_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtconnectivity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtbase_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qt3d_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-doc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qgnomeplatform_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-pyqt5-sip_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:adwaita-qt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2023:6369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU76667
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-33285
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
qt5-qtxmlpatterns (Red Hat package): before 5.15.9-2.el9
qt5-qtx11extras (Red Hat package): before 5.15.9-1.el9
qt5-qtwebsockets (Red Hat package): before 5.15.9-2.el9
qt5-qtwebchannel (Red Hat package): before 5.15.9-1.el9
qt5-qtwayland (Red Hat package): before 5.15.9-1.el9
qt5-qttranslations (Red Hat package): before 5.15.9-1.el9
qt5-qttools (Red Hat package): before 5.15.9-3.el9
qt5-qtsvg (Red Hat package): before 5.15.9-2.el9
qt5-qtserialport (Red Hat package): before 5.15.9-1.el9
qt5-qtserialbus (Red Hat package): before 5.15.9-1.el9
qt5-qtsensors (Red Hat package): before 5.15.9-1.el9
qt5-qtscript (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols2 (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols (Red Hat package): before 5.15.9-1.el9
qt5-qtmultimedia (Red Hat package): before 5.15.9-1.el9
qt5-qtlocation (Red Hat package): before 5.15.9-1.el9
qt5-qtimageformats (Red Hat package): before 5.15.9-1.el9
qt5-qtgraphicaleffects (Red Hat package): before 5.15.9-1.el9
qt5-qtdoc (Red Hat package): before 5.15.9-1.el9
qt5-qtdeclarative (Red Hat package): before 5.15.9-3.el9
qt5-qtconnectivity (Red Hat package): before 5.15.9-2.el9
qt5-qtbase (Red Hat package): before 5.15.9-7.el9
qt5-qt3d (Red Hat package): before 5.15.9-1.el9
qt5-doc (Red Hat package): before 5.15.9-1.el9
qt5 (Red Hat package): before 5.15.9-1.el9
qgnomeplatform (Red Hat package): before 0.9.0-1.el9
python-qt5 (Red Hat package): before 5.15.9-1.el9
python-pyqt5-sip (Red Hat package): before 12.11.1-1.el9
adwaita-qt (Red Hat package): before 1.4.2-1.el9
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:qt5-qtxmlpatterns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtx11extras_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebsockets_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebchannel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwayland_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttranslations_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttools_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsvg_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialport_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialbus_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsensors_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtscript_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols2_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtmultimedia_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtlocation_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtimageformats_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtgraphicaleffects_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdoc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdeclarative_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtconnectivity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtbase_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qt3d_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-doc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qgnomeplatform_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-pyqt5-sip_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:adwaita-qt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2023:6369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Certificate Validation
EUVDB-ID: #VU78696
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34410
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.
Install updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
qt5-qtxmlpatterns (Red Hat package): before 5.15.9-2.el9
qt5-qtx11extras (Red Hat package): before 5.15.9-1.el9
qt5-qtwebsockets (Red Hat package): before 5.15.9-2.el9
qt5-qtwebchannel (Red Hat package): before 5.15.9-1.el9
qt5-qtwayland (Red Hat package): before 5.15.9-1.el9
qt5-qttranslations (Red Hat package): before 5.15.9-1.el9
qt5-qttools (Red Hat package): before 5.15.9-3.el9
qt5-qtsvg (Red Hat package): before 5.15.9-2.el9
qt5-qtserialport (Red Hat package): before 5.15.9-1.el9
qt5-qtserialbus (Red Hat package): before 5.15.9-1.el9
qt5-qtsensors (Red Hat package): before 5.15.9-1.el9
qt5-qtscript (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols2 (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols (Red Hat package): before 5.15.9-1.el9
qt5-qtmultimedia (Red Hat package): before 5.15.9-1.el9
qt5-qtlocation (Red Hat package): before 5.15.9-1.el9
qt5-qtimageformats (Red Hat package): before 5.15.9-1.el9
qt5-qtgraphicaleffects (Red Hat package): before 5.15.9-1.el9
qt5-qtdoc (Red Hat package): before 5.15.9-1.el9
qt5-qtdeclarative (Red Hat package): before 5.15.9-3.el9
qt5-qtconnectivity (Red Hat package): before 5.15.9-2.el9
qt5-qtbase (Red Hat package): before 5.15.9-7.el9
qt5-qt3d (Red Hat package): before 5.15.9-1.el9
qt5-doc (Red Hat package): before 5.15.9-1.el9
qt5 (Red Hat package): before 5.15.9-1.el9
qgnomeplatform (Red Hat package): before 0.9.0-1.el9
python-qt5 (Red Hat package): before 5.15.9-1.el9
python-pyqt5-sip (Red Hat package): before 12.11.1-1.el9
adwaita-qt (Red Hat package): before 1.4.2-1.el9
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:qt5-qtxmlpatterns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtx11extras_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebsockets_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebchannel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwayland_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttranslations_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttools_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsvg_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialport_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialbus_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsensors_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtscript_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols2_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtmultimedia_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtlocation_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtimageformats_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtgraphicaleffects_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdoc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdeclarative_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtconnectivity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtbase_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qt3d_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-doc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qgnomeplatform_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-pyqt5-sip_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:adwaita-qt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2023:6369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU79632
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37369
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML content in QXmlStreamReader. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
qt5-qtxmlpatterns (Red Hat package): before 5.15.9-2.el9
qt5-qtx11extras (Red Hat package): before 5.15.9-1.el9
qt5-qtwebsockets (Red Hat package): before 5.15.9-2.el9
qt5-qtwebchannel (Red Hat package): before 5.15.9-1.el9
qt5-qtwayland (Red Hat package): before 5.15.9-1.el9
qt5-qttranslations (Red Hat package): before 5.15.9-1.el9
qt5-qttools (Red Hat package): before 5.15.9-3.el9
qt5-qtsvg (Red Hat package): before 5.15.9-2.el9
qt5-qtserialport (Red Hat package): before 5.15.9-1.el9
qt5-qtserialbus (Red Hat package): before 5.15.9-1.el9
qt5-qtsensors (Red Hat package): before 5.15.9-1.el9
qt5-qtscript (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols2 (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols (Red Hat package): before 5.15.9-1.el9
qt5-qtmultimedia (Red Hat package): before 5.15.9-1.el9
qt5-qtlocation (Red Hat package): before 5.15.9-1.el9
qt5-qtimageformats (Red Hat package): before 5.15.9-1.el9
qt5-qtgraphicaleffects (Red Hat package): before 5.15.9-1.el9
qt5-qtdoc (Red Hat package): before 5.15.9-1.el9
qt5-qtdeclarative (Red Hat package): before 5.15.9-3.el9
qt5-qtconnectivity (Red Hat package): before 5.15.9-2.el9
qt5-qtbase (Red Hat package): before 5.15.9-7.el9
qt5-qt3d (Red Hat package): before 5.15.9-1.el9
qt5-doc (Red Hat package): before 5.15.9-1.el9
qt5 (Red Hat package): before 5.15.9-1.el9
qgnomeplatform (Red Hat package): before 0.9.0-1.el9
python-qt5 (Red Hat package): before 5.15.9-1.el9
python-pyqt5-sip (Red Hat package): before 12.11.1-1.el9
adwaita-qt (Red Hat package): before 1.4.2-1.el9
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:qt5-qtxmlpatterns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtx11extras_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebsockets_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebchannel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwayland_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttranslations_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttools_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsvg_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialport_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialbus_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsensors_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtscript_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols2_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtmultimedia_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtlocation_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtimageformats_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtgraphicaleffects_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdoc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdeclarative_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtconnectivity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtbase_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qt3d_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-doc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qgnomeplatform_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-pyqt5-sip_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:adwaita-qt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2023:6369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU78697
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38197
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
qt5-qtxmlpatterns (Red Hat package): before 5.15.9-2.el9
qt5-qtx11extras (Red Hat package): before 5.15.9-1.el9
qt5-qtwebsockets (Red Hat package): before 5.15.9-2.el9
qt5-qtwebchannel (Red Hat package): before 5.15.9-1.el9
qt5-qtwayland (Red Hat package): before 5.15.9-1.el9
qt5-qttranslations (Red Hat package): before 5.15.9-1.el9
qt5-qttools (Red Hat package): before 5.15.9-3.el9
qt5-qtsvg (Red Hat package): before 5.15.9-2.el9
qt5-qtserialport (Red Hat package): before 5.15.9-1.el9
qt5-qtserialbus (Red Hat package): before 5.15.9-1.el9
qt5-qtsensors (Red Hat package): before 5.15.9-1.el9
qt5-qtscript (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols2 (Red Hat package): before 5.15.9-1.el9
qt5-qtquickcontrols (Red Hat package): before 5.15.9-1.el9
qt5-qtmultimedia (Red Hat package): before 5.15.9-1.el9
qt5-qtlocation (Red Hat package): before 5.15.9-1.el9
qt5-qtimageformats (Red Hat package): before 5.15.9-1.el9
qt5-qtgraphicaleffects (Red Hat package): before 5.15.9-1.el9
qt5-qtdoc (Red Hat package): before 5.15.9-1.el9
qt5-qtdeclarative (Red Hat package): before 5.15.9-3.el9
qt5-qtconnectivity (Red Hat package): before 5.15.9-2.el9
qt5-qtbase (Red Hat package): before 5.15.9-7.el9
qt5-qt3d (Red Hat package): before 5.15.9-1.el9
qt5-doc (Red Hat package): before 5.15.9-1.el9
qt5 (Red Hat package): before 5.15.9-1.el9
qgnomeplatform (Red Hat package): before 0.9.0-1.el9
python-qt5 (Red Hat package): before 5.15.9-1.el9
python-pyqt5-sip (Red Hat package): before 12.11.1-1.el9
adwaita-qt (Red Hat package): before 1.4.2-1.el9
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:9:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:qt5-qtxmlpatterns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtx11extras_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebsockets_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwebchannel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtwayland_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttranslations_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qttools_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsvg_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialport_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtserialbus_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtsensors_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtscript_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols2_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtquickcontrols_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtmultimedia_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtlocation_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtimageformats_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtgraphicaleffects_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdoc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtdeclarative_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtconnectivity_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qtbase_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-qt3d_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5-doc_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:qgnomeplatform_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-qt5_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:python-pyqt5-sip_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:adwaita-qt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2023:6369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
