5.3
CVE-2023-32762
- EPSS 0.88%
- Veröffentlicht 28.05.2023 23:15:09
- Zuletzt bearbeitet 21.11.2024 08:03:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.542 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
https://codereview.qt-project.org/c/qt/qtbase/+/476140
https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
https://lists.qt-project.org/pipermail/announce/2023-May/000414.html