DEBIAN-CVE-2023-32762

DEBIAN-CVE-2023-32762 PUBLISHED CVSS 5.300000190734863 MEDIUM

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	qtbase-opensource-src	5.15.2+dfsg-9, 5.15.2+dfsg-9, 0
Debian:13	qt6-base	0, 0, 0
Debian:12	qtbase-opensource-src	0, 0, 0
Debian:13	qtbase-opensource-src	0, 0, 0
Debian:14	qtbase-opensource-src	0, 0, 0
Debian:14	qt6-base	0, 0, 0
Debian:12	qt6-base	0, 0, 0

Timeline

May 28, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-32762 advisory

Open in Interactive Console →