CVE-2023-34410Improper Certificate Validation in QT

CWE-295Improper Certificate Validation8 documents7 sources
Severity
5.3MEDIUMNVD
OSV7.5
EPSS
0.1%
top 71.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
QTDebian Qt6-baseDebian Qtbase-opensource-src+4 more
Timeline
PublishedJun 5
Latest updateSep 28

Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

NVDqt/qt5.13.05.15.15+2
debiandebian/qt6-base< qt6-base 6.4.2+dfsg-11 (forky)
debiandebian/qtbase-opensource-src< qt6-base 6.4.2+dfsg-11 (forky)
debiandebian/qtbase-opensource-src-gles< qt6-base 6.4.2+dfsg-11 (forky)

Also affects: Debian Linux 10.0, Fedora 38

Patches

Patch: codereview.qt-project.orgPatch: codereview.qt-project.orgPatch: codereview.qt-project.org

🔴Vulnerability Details

3
OSV
qtbase-opensource-src vulnerabilities2025-09-28
GHSA
GHSA-5qcq-v4vg-rv2h: An issue was discovered in Qt before 52023-06-05
OSV
CVE-2023-34410: An issue was discovered in Qt before 52023-06-05

📋Vendor Advisories

4
Ubuntu
Qt vulnerabilities2025-09-28
Microsoft
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configure2023-06-13
Red Hat
qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation2023-06-04
Debian
CVE-2023-34410: qt6-base - An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x throug...2023
CVE-2023-34410 — Improper Certificate Validation in QT | cvebase