Home

CVE-2007-0242

Description

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.675

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2007:0883) Important: qt security update qt-MySQL-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-MySQL-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-ODBC-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-ODBC-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-PostgreSQL-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-PostgreSQL-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-config-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-config-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-designer-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-designer-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-devel-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-devel-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-devel-docs-3.3.6-23.el5.i386.rpmLinux
(RHSA-2007:0883) Important: qt security update qt-devel-docs-3.3.6-23.el5.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-devel-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-devel-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-doc-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-doc-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-mysql-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-odbc-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-postgresql-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-sqlite-4.2.1-1.el5_7.1.i386.rpmLinux
(RHSA-2011:1324) Moderate: qt4 security update qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234