CVE-2023-33285

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-33285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33285
Downstream
Related
Published
2023-05-22T03:15:09.720Z
Modified
2026-02-04T21:35:25.501386Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

References

Affected packages

Git / github.com/qt/qt5

Affected ranges

Type
GIT
Repo
https://github.com/qt/qt5
Events
Introduced
1734139bf4629af593e79d247a18f8e511bf7c5e
Fixed
19b7e91751697cb2514ac7dcdbf166655f0de698
Introduced
78410d7e8b7aafdcbb4feea3a943038c7e0a0b5f
Fixed
322d47d25de3cbafd8d6cd2a62e4ed6efc736a4b
Fixed
45624b631fffebe4d2cd1a28978c37304bea8d3c

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33285.json"

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
9554d315aa74eaba1726405ee09117e2ebc6111f
Fixed
55aee8697512af105dfefabc1e2ec41d4df1e45e
Introduced
fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17
Fixed
f131837a9fcc83dcfb70a0a91b1baacb6ccf14a2
Introduced
3bf50a7db9a1add66fb66b7a1f9c1d3b038c5e7f
Fixed
ffdd372c7bbda62e9d937f406319f38e3e982774

Affected versions

v5.*
v5.0.0
v5.0.1
v5.0.2
v5.1.0
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.1.0-rc2
v5.1.1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.13.2
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.15.3-lts-lgpl
v5.2.0
v5.2.0-alpha1
v5.2.0-beta1
v5.2.0-rc1
v5.2.1
v5.3.0
v5.3.0-alpha1
v5.3.0-beta1
v5.3.0-rc1
v5.3.1
v5.3.2
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0
v5.5.0-alpha1
v5.5.0-beta1
v5.5.0-rc1
v5.5.1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.1
v5.6.1-1
v5.6.2
v5.7.0
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.7.1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.0-rc2
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v6.*
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.2.0-alpha1
v6.2.0-beta1
v6.2.0-beta2
v6.2.0-beta3
v6.2.0-beta4
v6.2.5-lts-lgpl
v6.2.6-lts-lgpl
v6.2.7-lts-lgpl
v6.2.8-lts-lgpl
v6.5.0-beta1
v6.5.0-beta2
v6.5.0-beta3

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "source": "https://github.com/qt/qtbase/commit/55aee8697512af105dfefabc1e2ec41d4df1e45e",
        "id": "CVE-2023-33285-95a33edc",
        "target": {
            "file": "src/network/kernel/qdnslookup_unix.cpp"
        },
        "digest": {
            "line_hashes": [
                "92376634840184399825365318154288351993",
                "232461204609313989120257745717201240216",
                "320708743009817993507337202164167887441",
                "21308290995217884491005044431632010900",
                "298034914405986548572445818450155724325",
                "171355919169060797509597056785544202524",
                "1069687939198931456973687425830032072",
                "3540876834910303010839964264776335282",
                "119893641728366708810635981190240492131",
                "135558535485227323371703831987671565962",
                "218424658944840923178893068857589239342",
                "180130516929332699035191217939835434911",
                "171902681780682419451758795992574159417",
                "194908686061445372061155934280632091709",
                "25828914292029408919762996279289826136",
                "271381063204330631592675759559091485281",
                "188826755362610565145874472998653610620",
                "61181470149620454368846073938918120330",
                "144456116250144122357606448252883560018",
                "210431344564871427713284927923317729215",
                "33720891528493242799779644168988618648",
                "131451878779952217380213242484707842149",
                "163457716009692412014758585930328269677",
                "48972863578760833987644564696874645146"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/qt/qtbase/commit/55aee8697512af105dfefabc1e2ec41d4df1e45e",
        "id": "CVE-2023-33285-b3d99a5e",
        "target": {
            "file": "src/network/kernel/qdnslookup_unix.cpp",
            "function": "QDnsLookupRunnable::query"
        },
        "digest": {
            "function_hash": "328679296815467547461728943587483981886",
            "length": 7904.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33285.json"