UBUNTU-CVE-2023-32762

Source
https://ubuntu.com/security/CVE-2023-32762
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32762.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-32762
Related
Published
2023-05-28T23:15:00Z
Modified
2024-11-20T12:20:13Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

References

Affected packages

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9
5.5.1+dfsg-6ubuntu4
5.5.1+dfsg-10ubuntu2
5.5.1+dfsg-13ubuntu1
5.5.1+dfsg-13ubuntu2
5.5.1+dfsg-13ubuntu3
5.5.1+dfsg-14ubuntu1
5.5.1+dfsg-14ubuntu2
5.5.1+dfsg-14ubuntu3
5.5.1+dfsg-15ubuntu1
5.5.1+dfsg-16ubuntu1
5.5.1+dfsg-16ubuntu6
5.5.1+dfsg-16ubuntu7
5.5.1+dfsg-16ubuntu7.1
5.5.1+dfsg-16ubuntu7.2
5.5.1+dfsg-16ubuntu7.5
5.5.1+dfsg-16ubuntu7.6
5.5.1+dfsg-16ubuntu7.7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src-gles

Package

Name
qtbase-opensource-src-gles
Purl
pkg:deb/ubuntu/qtbase-opensource-src-gles?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9
5.5.1+dfsg-6ubuntu1
5.5.1+dfsg-10ubuntu1
5.5.1+dfsg-13ubuntu1
5.5.1+dfsg-13ubuntu2
5.5.1+dfsg-13ubuntu3
5.5.1+dfsg-14ubuntu1
5.5.1+dfsg-14ubuntu2
5.5.1+dfsg-14ubuntu3
5.5.1+dfsg-15ubuntu1
5.5.1+dfsg-16ubuntu1
5.5.1+dfsg-16ubuntu4
5.5.1+dfsg-16ubuntu5
5.5.1+dfsg-16ubuntu6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-10ubuntu1
5.9.1+dfsg-10ubuntu2
5.9.2+dfsg-4ubuntu6
5.9.3+dfsg-0ubuntu1
5.9.3+dfsg-0ubuntu3
5.9.3+dfsg-0ubuntu4
5.9.4+dfsg-0ubuntu3
5.9.4+dfsg-0ubuntu4
5.9.5+dfsg-0ubuntu1
5.9.5+dfsg-0ubuntu2
5.9.5+dfsg-0ubuntu2.1
5.9.5+dfsg-0ubuntu2.3
5.9.5+dfsg-0ubuntu2.4
5.9.5+dfsg-0ubuntu2.5
5.9.5+dfsg-0ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-4ubuntu1
5.12.5+dfsg-2
5.12.5+dfsg-8
5.12.5+dfsg-8build1
5.12.5+dfsg-9build1
5.12.8+dfsg-0ubuntu1
5.12.8+dfsg-0ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src-gles

Package

Name
qtbase-opensource-src-gles
Purl
pkg:deb/ubuntu/qtbase-opensource-src-gles?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1build1
5.12.5+dfsg-1
5.12.5+dfsg-2
5.12.8+dfsg-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.2+dfsg-5ubuntu1
6.2.2+dfsg-6ubuntu1
6.2.2+dfsg-6ubuntu2
6.2.4+dfsg-1ubuntu1
6.2.4+dfsg-2ubuntu1
6.2.4+dfsg-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-12
5.15.2+dfsg-13
5.15.2+dfsg-14
5.15.2+dfsg-14ubuntu1
5.15.2+dfsg-14ubuntu3
5.15.2+dfsg-15
5.15.3+dfsg-1
5.15.3+dfsg-2
5.15.3+dfsg-2ubuntu0.1
5.15.3+dfsg-2ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src-gles

Package

Name
qtbase-opensource-src-gles
Purl
pkg:deb/ubuntu/qtbase-opensource-src-gles?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-4
5.15.2+dfsg-5
5.15.3+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-21.1build5
6.6.2+dfsg-7
6.6.2+dfsg-8
6.6.2+dfsg-9
6.6.2+dfsg-10
6.6.2+dfsg-11
6.6.2+dfsg-12

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1ubuntu1
5.15.13+dfsg-4ubuntu1
5.15.15+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src-gles

Package

Name
qtbase-opensource-src-gles
Purl
pkg:deb/ubuntu/qtbase-opensource-src-gles?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.15+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qt6-base

Package

Name
qt6-base
Purl
pkg:deb/ubuntu/qt6-base?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-18
6.4.2+dfsg-19
6.4.2+dfsg-19build1
6.4.2+dfsg-20
6.4.2+dfsg-21
6.4.2+dfsg-21.1build4
6.4.2+dfsg-21.1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-3
5.15.10+dfsg-5
5.15.10+dfsg-5ubuntu1
5.15.12+dfsg-1ubuntu1
5.15.12+dfsg-3ubuntu1
5.15.12+dfsg-3ubuntu6
5.15.12+dfsg-3ubuntu7
5.15.13+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src-gles

Package

Name
qtbase-opensource-src-gles
Purl
pkg:deb/ubuntu/qtbase-opensource-src-gles?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.12+dfsg-1ubuntu1
5.15.12+dfsg-1ubuntu2
5.15.13+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}