CVE-2023-34410

MEDIUM

Debian Linux < 5.15.15 - Improper Certificate Validation

Title source: rule

Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

References (4)

Core 4

Core References

Patch

https://codereview.qt-project.org/c/qt/qtbase/+/477560

Patch

https://codereview.qt-project.org/c/qt/qtbase/+/480002

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-295

Status published

Products (3)

debian/debian_linux 10.0

fedoraproject/fedora 38

qt/qt 5.13.0 - 5.15.15

Published Jun 05, 2023

Tracked Since Feb 18, 2026