AZL-26944

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-26944.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-26944

Upstream

CVE-2023-32762

Published

2023-05-28T23:15:09Z

Modified

2026-04-01T05:08:52.289189Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

CVE-2023-32762 affecting package qt5-qtbase for versions less than 5.12.11-8

Details

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-32762

Affected packages

Azure Linux:2 / qt5-qtbase

Package

Name: qt5-qtbase
Purl: pkg:rpm/azure-linux/qt5-qtbase

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.11-8

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-26944.json"