CVE-2023-51714 Vulnerability

[claudiudc]

Hello,

I would like to raise a concern related to CVE-2023-51714 vulnerability.
In our enterprise environment security scanners detected that latest release is impacted by CVE-2023-51714 vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-51714
Could you please help updating to a newer qt library to address this issue?

Also one more idea, will it be possible for the feature maybe to have a console version that is not using qt at all?
From experience we see very frequently qt affected by different security vulnerabilities and in enterprise environments addressing security vulnerabilities is a critical process.

Kind Regards,
Claudiu

[horsicq]

Hello! Thanks a lot for the bugreport! It will be fixed!.

[DevX-Cipher]

it does not happen in Qt6

[claudiudc]

it does not happen in Qt6

It is
"6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2"

[DevX-Cipher]

ok i must have read it wrong

[BJNFNE]

@DevX-Cipher What is the status of this Issue? Is it fixed in the meanwhile?

[DevX-Cipher]

I haven't checked it again i will on Monday

[DevX-Cipher]

@BJNFNE Yes, this issue is known in Qt. It is present, but I was unable to reproduce it in the latest version of Qt, so it appears to have been resolved in newer release.

[BJNFNE]

@DevX-Cipher so this Issue can be closed?

[DevX-Cipher]

@BJNFNE if newer version of qt6 is used yes