Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2021-45930 CVE-2023-32573 CVE-2023-32763 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 |
CWE-ID | CWE-787 CWE-369 CWE-119 CWE-295 CWE-835 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Operating systems: SUSE Linux Enterprise Workstation Extension 12, SUSE Linux Enterprise Software Development Kit 12, SUSE Linux Enterprise Server for SAP Applications 12, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise High Performance Computing 12
Operating system packages or components: libqt4-x11-32bit, libqt4-qt3support-debuginfo-32bit, libqt4-sql-debuginfo-32bit, libqt4-x11-debuginfo-32bit, libqt4-sql-32bit, libqt4-qt3support-32bit, libqt4-32bit, qt4-x11-tools, libqt4-sql-sqlite, libqt4-qt3support, libqt4-sql, libqt4-sql-sqlite-debuginfo, libqt4-x11-debuginfo, qt4-x11-tools-debuginfo, libqt4-sql-mysql, libqt4-x11, libqt4-sql-debuginfo, libqt4-sql-mysql-debuginfo, libqt4-qt3support-debuginfo, libqt4, libqt4-devel-doc-data, libqt4-devel, libqt4-devel-doc-debugsource, libqt4-debuginfo, libqt4-linguist-debuginfo, libqt4-private-headers-devel, libqt4-devel-doc-debuginfo, libqt4-linguist, libqt4-devel-doc, libqt4-devel-debuginfo, libqt4-sql-postgresql-debuginfo, libqt4-sql-sqlite-debuginfo-32bit, libqt4-sql-mysql-debuginfo-32bit, libqt4-sql-unixODBC-32bit, libqt4-debugsource, libqt4-sql-postgresql-32bit, libqt4-sql-mysql-32bit, libqt4-debuginfo-32bit, libqt4-sql-sqlite-32bit, libqt4-sql-unixODBC-debuginfo-32bit, libqt4-sql-unixODBC-debuginfo, libqt4-sql-unixODBC, libqt4-sql-postgresql-debuginfo-32bit, libqt4-sql-postgresql, libqt4-sql-plugins-debugsource |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU78667
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45930
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the QtPrivate::QCommonArrayOps::growAppend() function. A remote attacker can create a specially crafted SVG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76665
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32573
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error in src/svg/qsvghandler.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76668
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32763
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing SVG files within the QTextLayout() function in src/gui/text/qtextlayout.cpp. A remote attacker can pass a specially crafted SVG file to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78696
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34410
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper validation of the TLS certificate chain, where the application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform a MitM attack.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79632
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37369
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML content in QXmlStreamReader. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78697
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38197
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Update the affected package libqt4 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libqt4-x11-32bit: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-x11-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-32bit: before 4.8.7-8.19.1
libqt4-qt3support-32bit: before 4.8.7-8.19.1
libqt4-32bit: before 4.8.7-8.19.1
qt4-x11-tools: before 4.8.7-8.19.1
libqt4-sql-sqlite: before 4.8.7-8.19.1
libqt4-qt3support: before 4.8.7-8.19.1
libqt4-sql: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo: before 4.8.7-8.19.1
libqt4-x11-debuginfo: before 4.8.7-8.19.1
qt4-x11-tools-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql: before 4.8.7-8.19.1
libqt4-x11: before 4.8.7-8.19.1
libqt4-sql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo: before 4.8.7-8.19.1
libqt4-qt3support-debuginfo: before 4.8.7-8.19.1
libqt4: before 4.8.7-8.19.1
libqt4-devel-doc-data: before 4.8.7-8.19.1
libqt4-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debugsource: before 4.8.7-8.19.1
libqt4-debuginfo: before 4.8.7-8.19.1
libqt4-linguist-debuginfo: before 4.8.7-8.19.1
libqt4-private-headers-devel: before 4.8.7-8.19.1
libqt4-devel-doc-debuginfo: before 4.8.7-8.19.1
libqt4-linguist: before 4.8.7-8.19.1
libqt4-devel-doc: before 4.8.7-8.19.1
libqt4-devel-debuginfo: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo: before 4.8.7-8.19.1
libqt4-sql-sqlite-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-32bit: before 4.8.7-8.19.1
libqt4-debugsource: before 4.8.7-8.19.1
libqt4-sql-postgresql-32bit: before 4.8.7-8.19.1
libqt4-sql-mysql-32bit: before 4.8.7-8.19.1
libqt4-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-sqlite-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-unixODBC-debuginfo: before 4.8.7-8.19.1
libqt4-sql-unixODBC: before 4.8.7-8.19.1
libqt4-sql-postgresql-debuginfo-32bit: before 4.8.7-8.19.1
libqt4-sql-postgresql: before 4.8.7-8.19.1
libqt4-sql-plugins-debugsource: before 4.8.7-8.19.1
https://www.suse.com/support/update/announcement/2023/suse-su-20234622-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.