PT-2023-3581 · Qt Company+6 · Qt+6

Published

2023-05-08

·

Updated

2026-04-01

·

CVE-2023-32762

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Qt versions prior to 5.15.14 Qt versions 6.x prior to 6.2.9 Qt versions 6.3.x through 6.5.x prior to 6.5.1
Description An issue in Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This occurs if the case used for the HSTS header does not exactly match. The issue relates to the transmission of protected information in unencrypted form, potentially allowing a remote attacker to impact data integrity.
Recommendations For Qt versions prior to 5.15.14, update to version 5.15.14 or later. For Qt versions 6.x prior to 6.2.9, update to version 6.2.9 or later. For Qt versions 6.3.x through 6.5.x prior to 6.5.1, update to version 6.5.1 or later.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

ALT-PU-2023-4345
ALT-PU-2023-4393
ALT-PU-2023-7215
ALT-PU-2023-7216
ALT-PU-2023-7217
ALT-PU-2023-7218
ALT-PU-2023-7219
ALT-PU-2023-7220
ALT-PU-2023-7221
ALT-PU-2023-7222
ALT-PU-2023-7223
ALT-PU-2023-7224
ALT-PU-2023-7225
ALT-PU-2023-7226
ALT-PU-2023-7227
ALT-PU-2023-7228
ALT-PU-2023-7229
ALT-PU-2023-7230
ALT-PU-2023-7231
ALT-PU-2023-7232
ALT-PU-2023-7233
ALT-PU-2023-7234
ALT-PU-2023-7235
ALT-PU-2023-7236
ALT-PU-2023-7237
ALT-PU-2023-7645
ALT-PU-2024-1120
ALT-PU-2024-12660
ALT-PU-2024-12662
ALT-PU-2024-12663
ALT-PU-2024-12664
ALT-PU-2024-12665
ALT-PU-2024-12666
ALT-PU-2024-12667
ALT-PU-2024-12668
ALT-PU-2024-12669
ALT-PU-2024-12670
ALT-PU-2024-12671
ALT-PU-2024-12673
ALT-PU-2024-12674
ALT-PU-2024-12675
ALT-PU-2024-12676
ALT-PU-2024-12677
ALT-PU-2024-12678
ALT-PU-2024-12679
ALT-PU-2024-12680
ALT-PU-2024-12681
ALT-PU-2024-12682
ALT-PU-2024-12683
ALT-PU-2024-12684
ALT-PU-2024-12685
ALT-PU-2024-12686
ALT-PU-2024-12687
ALT-PU-2024-12688
ALT-PU-2024-12689
ALT-PU-2024-12690
ALT-PU-2024-12691
ALT-PU-2024-12692
ALT-PU-2024-12693
ALT-PU-2024-12694
ALT-PU-2024-12695
ALT-PU-2024-14231
ALT-PU-2024-14233
ALT-PU-2024-14234
ALT-PU-2024-14235
ALT-PU-2024-14236
ALT-PU-2024-14237
ALT-PU-2024-14238
ALT-PU-2024-14239
ALT-PU-2024-14240
ALT-PU-2024-14241
ALT-PU-2024-14242
ALT-PU-2024-14243
ALT-PU-2024-14244
ALT-PU-2024-14245
ALT-PU-2024-14246
ALT-PU-2024-14247
ALT-PU-2024-14248
ALT-PU-2024-14250
ALT-PU-2024-14251
ALT-PU-2024-14252
ALT-PU-2024-14253
ALT-PU-2024-14254
ALT-PU-2024-14255
ALT-PU-2024-14256
ALT-PU-2024-14257
ALT-PU-2024-14258
ALT-PU-2024-14259
ALT-PU-2024-14260
ALT-PU-2024-14261
ALT-PU-2024-14262
ALT-PU-2024-14264
ALT-PU-2024-14265
ALT-PU-2024-14266
ALT-PU-2024-14267
ALT-PU-2024-2801
AZL-26944
BDU:2023-03803
CLEANSTART-2026-IE15850
CVE-2023-32762
DLA-3805-1
MGASA-2023-0190
OESA-2023-1387
OESA-2023-1489
OPENSUSE-SU-2023_2982-1
OPENSUSE-SU-2023_3225-1
OPENSUSE-SU-2023_3380-1
OPENSUSE-SU-2024:12955-1
OPENSUSE-SU-2024:13289-1
SUSE-SU-2023:2982-1
SUSE-SU-2023:3018-1
SUSE-SU-2023:3207-1
SUSE-SU-2023:3225-1
SUSE-SU-2023:3380-1
SUSE-SU-2023_2982-1
SUSE-SU-2023_3018-1
SUSE-SU-2023_3207-1
SUSE-SU-2023_3225-1
USN-7780-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Qt
Red Os
Suse
Ubuntu