CVE-2023-32762
Summary
| CVE | CVE-2023-32762 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-28 23:15:00 UTC |
| Updated | 2023-06-03 03:57:00 UTC |
| Description | An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Hsts: match header names case insensitively · qt/qtbase@1b736a8 · GitHub | MISC | github.com | |
| [Announce] Security advisory: Qt Network | CONFIRM | lists.qt-project.org | |
| codereview.qt-project.org/c/qt/qtbase/+/476140 | MISC | codereview.qt-project.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 184577 Debian Security Update for qtbase-opensource-srcqt6-base (CVE-2023-32762)
- 283995 Fedora Security Update for qt5 (FEDORA-2023-f42087b533)
- 284135 Fedora Security Update for qt5 (FEDORA-2023-b9ead419b6)
- 503227 Alpine Linux Security Update for qt5-qtbase
- 503243 Alpine Linux Security Update for qt6-qtbase
- 506183 Alpine Linux Security Update for qt5-qtbase
- 506209 Alpine Linux Security Update for qt6-qtbase
- 710861 Gentoo Linux QtNetwork Multiple Vulnerabilities (GLSA 202402-21)
- 754253 SUSE Enterprise Linux Security Update for libqt5-qtbase (SUSE-SU-2023:3207-1)
- 906999 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26944-1)
- 907014 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26905-1)