Unrated severityNVD Advisory· Published May 28, 2023· Updated Aug 19, 2024
CVE-2023-32762
CVE-2023-32762
Description
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- Qt/Qtdescription
- osv-coords26 versionspkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 5.15.2+kde294-150400.6.6.1+ 25 more
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.9+kde154-1.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.5.3-2.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.8.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 5.12.7-150200.4.23.1
- (no CPE)range: < 6.4.2-150500.3.7.4
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.7.4
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.