CVE-2023-32762


An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.


Published

2023-05-28T23:15:09.570

Last Modified

2025-03-05T18:52:55.280

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | debian | debian_linux | 10.0 | Yes |
| Application | qt | qt | < 5.15.14 | Yes |
| Application | qt | qt | < 6.2.9 | Yes |
| Application | qt | qt | < 6.5.1 | Yes |
