Unrated severityNVD Advisory· Published May 28, 2023· Updated Aug 19, 2024
CVE-2023-32762
CVE-2023-32762
Description
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Affected products
27- Qt/Qtdescription
- osv-coords26 versionspkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 5.15.2+kde294-150400.6.6.1+ 25 more
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.9+kde154-1.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.5.3-2.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.