Security advisory: Qt Network

A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-34410.

In some circumstances, the system CA certificate list remains unexpectedly active for the authentication of SSL peers. Where a server is supposed to authenticate clients against a custom, restricted CA certificate list, a vulnerable server allows malicious clients to pass SSL authentication, because they can use a very wide range of unexpectedly valid SSL private keys and certificates to do so.

Solution: Apply the following patches or update to Qt 5.15.15, Qt 6.2.9 or Qt 6.5.2.


dev: and
Qt 6.5: and or
Qt 6.2:
Qt 5.15:
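As an added example (not code from the Qt project), the following check classifies a Qt version string against the fixed releases listed above. The names `checkQtVersion`, `parseQtVersion`, `QtVer` and `Cve202334410` are hypothetical, and branches for which the advisory names no fixed release are reported as unknown rather than guessed.

```cpp
#include <cstdio>
#include <string>

// Verdict for one Qt version string against the advisory's fixed releases.
enum class Cve202334410 { Fixed, NeedsPatchOrUpdate, Unknown };

struct QtVer { int maj, mnr, pat; };

// Strict "N.N.N" parser: digits and two dots only, so suffixes such as
// "-rc1" or a missing patch level are rejected instead of half-parsed.
static bool parseQtVersion(const std::string &s, QtVer &out) {
    int parts[3] = {0, 0, 0};
    int idx = 0;
    bool digitSeen = false;
    for (char c : s) {
        if (c >= '0' && c <= '9') {
            if (parts[idx] > 9999) return false;  // guard against overflow
            parts[idx] = parts[idx] * 10 + (c - '0');
            digitSeen = true;
        } else if (c == '.' && digitSeen && idx < 2) {
            ++idx;
            digitSeen = false;
        } else {
            return false;
        }
    }
    if (idx != 2 || !digitSeen) return false;
    out = QtVer{parts[0], parts[1], parts[2]};
    return true;
}

Cve202334410 checkQtVersion(const std::string &version) {
    // Fixed releases named in the advisory, one per branch.
    static const QtVer fixed[] = {{5, 15, 15}, {6, 2, 9}, {6, 5, 2}};
    QtVer v{};
    if (!parseQtVersion(version, v)) return Cve202334410::Unknown;
    for (const QtVer &f : fixed) {
        if (v.maj == f.maj && v.mnr == f.mnr)  // numeric compare: 6.5.10 > 6.5.2
            return v.pat >= f.pat ? Cve202334410::Fixed : Cve202334410::NeedsPatchOrUpdate;
    }
    return Cve202334410::Unknown;  // branch has no fixed release in the advisory
}

int main() {
    const char *samples[] = {"5.15.14", "6.5.10", "6.4.3"};  // constructed inputs
    const char *label[] = {"fixed", "needs patch or update", "unknown"};
    for (const char *s : samples)
        std::printf("%s: %s\n", s, label[static_cast<int>(checkQtVersion(s))]);
    return 0;
}
```

A Qt application can pass the string returned by `qVersion()` to check the library it is actually linked against. A build that carries the patches without a version bump still reports the older number, so a "needs patch or update" result should be confirmed against the applied patches.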

Update 13:53 CEST: The original CVE id was incorrect, so this was edited to use the correct one.

