CVE-2023-34410
First published: Mon Jun 05 2023(Updated: )
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qt Qt | <5.15.15 | |
| Qt Qt | >=6.0.0<6.2.9 | |
| Qt Qt | >=6.3.0<6.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://codereview.qt-project.org/c/qt/qtbase/+/477560
- https://codereview.qt-project.org/c/qt/qtbase/+/480002
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/
Frequently Asked Questions
What is the severity of CVE-2023-34410?
The severity of CVE-2023-34410 is medium with a CVSS score of 5.3.
How does CVE-2023-34410 affect Qt?
CVE-2023-34410 affects Qt versions before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.
What is the issue in CVE-2023-34410?
The issue in CVE-2023-34410 is that certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
How can I fix CVE-2023-34410?
To fix CVE-2023-34410, update to Qt version 5.15.15 or later, 6.2.9 or later, or 6.5.2 or later.
What is the Common Weakness Enumeration (CWE) for CVE-2023-34410?
The CWE for CVE-2023-34410 is CWE-295 (Improper Certificate Validation).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/qt
- canonical/qt qt
- version/qt qt/6.0.0
- version/qt qt/6.3.0