An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
References
Configurations
Configuration 1 (hide)
|
History
01 May 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2023, 03:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 - Patch | |
References | (CONFIRM) https://lists.qt-project.org/pipermail/announce/2023-May/000414.html - Mailing List, Patch | |
References | (MISC) https://codereview.qt-project.org/c/qt/qtbase/+/476140 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* |
28 May 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-28 23:15
Updated : 2024-08-19 17:35
NVD link : CVE-2023-32762
Mitre link : CVE-2023-32762
CVE.ORG link : CVE-2023-32762
JSON object : View
Products Affected
qt
- qt
CWE