CVE-2023-32762

Source
https://cve.org/CVERecord?id=CVE-2023-32762
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32762.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32762
Published
2023-05-28T00:00:00Z
Modified
2026-05-28T04:08:55.624523392Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32762.json"
}

Affected packages

Git / github.com/qt/qt5

Affected ranges

Type
GIT
Repo
https://github.com/qt/qt5
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "5.9.0"
        },
        {
            "fixed": "5.15.14"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.2.9"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "fixed": "6.5.1"
        }
    ],
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*"
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32762.json"

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "5.9.0"
        },
        {
            "fixed": "5.15.14"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.2.9"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "fixed": "6.5.1"
        }
    ],
    "cpe": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32762.json"