Fluid Attacks Database

Description

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	qtbase-opensource-src-gles	=5.15.10+dfsg-1 \|\| =5.15.10+dfsg-2 \|\| =5.15.10+dfsg-3 \|\| =5.15.10+dfsg-4 \|\| =5.15.10+dfsg-5 \|\| =5.15.10+dfsg-6 \|\| =5.15.12+dfsg-1 \|\| =5.15.13+dfsg-1 \|\| =5.15.13+dfsg-2 \|\| =5.15.15+dfsg-1 \|\| =5.15.15+dfsg-2 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.18+dfsg-1 \|\| =5.15.2+dfsg-4 \|\| =5.15.2+dfsg-5 \|\| =5.15.3+dfsg-1 \|\| =5.15.4+dfsg-1 \|\| =5.15.4+dfsg-2 \|\| =5.15.5+dfsg-1 \|\| =5.15.6+dfsg-1 \|\| =5.15.6+dfsg-2 \|\| =5.15.7+dfsg-1 \|\| =5.15.7+dfsg-2 \|\| =5.15.8+dfsg-1 \|\| =5.15.8+dfsg-2 \|\| =5.15.8+dfsg-3 \|\| =5.15.9+dfsg-1	-
debian 13	qtbase-opensource-src	>=0 <5.15.10+dfsg-6	5.15.10+dfsg-6
debian 12	qt6-base	=6.10.2+dfsg-1 \|\| =6.10.2+dfsg-10 \|\| =6.10.2+dfsg-10+hurd.1 \|\| =6.10.2+dfsg-11 \|\| =6.10.2+dfsg-2 \|\| =6.10.2+dfsg-3 \|\| =6.10.2+dfsg-4 \|\| =6.10.2+dfsg-5 \|\| =6.10.2+dfsg-6 \|\| =6.10.2+dfsg-7 \|\| =6.10.2+dfsg-7+hurd.1 \|\| =6.10.2+dfsg-8 \|\| =6.10.2+dfsg-9 \|\| =6.4.2+dfsg-10 \|\| =6.4.2+dfsg-11 \|\| =6.4.2+dfsg-11~bpo11+1 \|\| =6.4.2+dfsg-12 \|\| =6.4.2+dfsg-13 \|\| =6.4.2+dfsg-14 \|\| =6.4.2+dfsg-15 \|\| =6.4.2+dfsg-16 \|\| =6.4.2+dfsg-17 \|\| =6.4.2+dfsg-18 \|\| =6.4.2+dfsg-18+loong64 \|\| =6.4.2+dfsg-19 \|\| =6.4.2+dfsg-20 \|\| =6.4.2+dfsg-21 \|\| =6.4.2+dfsg-21.1 \|\| =6.6.0+dfsg-1 \|\| =6.6.0+dfsg-2 \|\| =6.6.0+dfsg-3 \|\| =6.6.0+dfsg-4 \|\| =6.6.0+dfsg-5 \|\| =6.6.0+dfsg-6 \|\| =6.6.1+dfsg-1 \|\| =6.6.1+dfsg-2 \|\| =6.6.1+dfsg-3 \|\| =6.6.1+dfsg-4 \|\| =6.6.1+dfsg-5 \|\| =6.6.1+dfsg-6 \|\| =6.6.2+dfsg-1 \|\| =6.6.2+dfsg-10 \|\| =6.6.2+dfsg-11 \|\| =6.6.2+dfsg-12 \|\| =6.6.2+dfsg-2 \|\| =6.6.2+dfsg-3 \|\| =6.6.2+dfsg-4 \|\| =6.6.2+dfsg-5 \|\| =6.6.2+dfsg-6 \|\| =6.6.2+dfsg-7 \|\| =6.6.2+dfsg-8 \|\| =6.6.2+dfsg-9 \|\| =6.7.2+dfsg-1 \|\| =6.7.2+dfsg-2 \|\| =6.7.2+dfsg-3 \|\| =6.7.2+dfsg-4 \|\| =6.7.2+dfsg-4+m68k \|\| =6.7.2+dfsg-5 \|\| =6.7.2+dfsg-6 \|\| =6.8.2+dfsg-1 \|\| =6.8.2+dfsg-10 \|\| =6.8.2+dfsg-10.1 \|\| =6.8.2+dfsg-2 \|\| =6.8.2+dfsg-3 \|\| =6.8.2+dfsg-4 \|\| =6.8.2+dfsg-5 \|\| =6.8.2+dfsg-5+m68k \|\| =6.8.2+dfsg-6 \|\| =6.8.2+dfsg-7 \|\| =6.8.2+dfsg-8 \|\| =6.8.2+dfsg-9 \|\| =6.9.1+dfsg-1 \|\| =6.9.1+dfsg-2 \|\| =6.9.1+dfsg-3 \|\| =6.9.1+dfsg-4 \|\| =6.9.1+dfsg-5 \|\| =6.9.2+dfsg-1 \|\| =6.9.2+dfsg-2 \|\| =6.9.2+dfsg-3 \|\| =6.9.2+dfsg-4	-
debian 13	qt6-base	>=0 <6.4.2+dfsg-21	6.4.2+dfsg-21
debian 14	qt6-base	>=0 <6.4.2+dfsg-21	6.4.2+dfsg-21
debian 11	qtbase-opensource-src	=5.15.2+dfsg-9 \|\| >=0 <5.15.2+dfsg-9+deb11u1	5.15.2+dfsg-9+deb11u1
debian 12	qtbase-opensource-src	=5.15.8+dfsg-11 \|\| =5.15.8+dfsg-11+deb12u1 \|\| >=0 <5.15.8+dfsg-11+deb12u2	5.15.8+dfsg-11+deb12u2
debian 14	qtbase-opensource-src	>=0 <5.15.10+dfsg-6	5.15.10+dfsg-6
debian 12	qtbase-opensource-src-gles	=5.15.10+dfsg-1 \|\| =5.15.10+dfsg-2 \|\| =5.15.10+dfsg-3 \|\| =5.15.10+dfsg-4 \|\| =5.15.10+dfsg-5 \|\| =5.15.10+dfsg-6 \|\| =5.15.12+dfsg-1 \|\| =5.15.13+dfsg-1 \|\| =5.15.13+dfsg-2 \|\| =5.15.15+dfsg-1 \|\| =5.15.15+dfsg-2 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.18+dfsg-1 \|\| =5.15.8+dfsg-3 \|\| =5.15.9+dfsg-1	-
debian 13	qtbase-opensource-src-gles	>=0 <5.15.10+dfsg-4	5.15.10+dfsg-4

1-10 of 17

Aliases

1. CVE-2023-517142. NVD-2023-517143. OSV-DEBIAN-2023-517144. OSV-2023-517145. SECURITY-TRACKER-CVE-2023-51714

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.