← voltar
CVE-2023-32762

CVE-2023-32762

CVSS 5.3 MEDIUMEPSS 0.9%
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://codereview.qt-project.org/c/qt/qtbase/+/476140https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305https://lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlhttps://lists.qt-project.org/pipermail/announce/2023-May/000414.html