First published: Mon Jun 05 2023(Updated: )
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Qt Qt | <5.15.15 | |
Qt Qt | >=6.0.0<6.2.9 | |
Qt Qt | >=6.3.0<6.5.2 | |
F5 BIG-IP | >=17.1.0<=17.1.1 | |
F5 BIG-IP | >=16.1.0<=16.1.5 | |
F5 BIG-IP | >=15.1.0<=15.1.10 | |
F5 Traffix SDC | =5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-34410 is medium with a CVSS score of 5.3.
CVE-2023-34410 affects Qt versions before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.
The issue in CVE-2023-34410 is that certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
To fix CVE-2023-34410, update to Qt version 5.15.15 or later, 6.2.9 or later, or 6.5.2 or later.
The CWE for CVE-2023-34410 is CWE-295 (Improper Certificate Validation).