CVE-2025-6338

Name: CVE-2025-6338
Description: There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

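| Source Package | Release | Version | Status |
|---|---|---|---|
| qt6-base (PTS) | bookworm | 6.4.2+dfsg-10 | fixed |
| qt6-base (PTS) | trixie | 6.8.2+dfsg-9 | fixed |
| qt6-base (PTS) | forky | 6.9.2+dfsg-2 | fixed |
| qt6-base (PTS) | sid | 6.9.2+dfsg-3 | fixed |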

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt6-base | source | (unstable) | (not affected) | | | |

Notes

- qt6-base <not-affected> (Only affects QT on Windows)
https://codereview.qt-project.org/c/qt/qtbase/+/651495
