← Back

CVE-2023-34410

nvd nist
Published: Jun 5, 2023Modified: Mar 20, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

Affected (5)

Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Qt
1 product
Qt
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Qt
Qt
From 5.13.0 to 5.15.15
Qt
From 6.0.0 to 6.2.9
Qt
From 6.3.0 to 6.5.2

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (8)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.