FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

QtNetwork -- potential buffer overflow

Affected packages
qt5-network < 5.15.12p148_1
qt6-base < 6.6.1_2

Details

VuXML ID: e2f981f1-ad9e-11ee-8b55-4ccc6adda413
Discovery: 2023-12-14
Entry: 2024-01-07

Andy Shaw reports:

A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow.

References

CVE Name: CVE-2023-51714
URL: https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation