CVE-2024-39936
First published: Thu Jul 04 2024(Updated: )
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qt Qt | <5.15.18 | |
| Qt Qt | >=6.0.0<6.2.13 | |
| Qt Qt | >=6.3.0<6.5.7 | |
| Qt Qt | >=6.6.0<6.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://codereview.qt-project.org/c/qt/qtbase/+/571601
- https://access.redhat.com/errata/RHSA-2024:4617
- https://access.redhat.com/errata/RHSA-2024:4621
- https://access.redhat.com/errata/RHSA-2024:4623
- https://access.redhat.com/errata/RHSA-2024:4647
- https://access.redhat.com/errata/RHSA-2024:4638
- https://access.redhat.com/errata/RHSA-2024:4644
- https://access.redhat.com/errata/RHSA-2024:4639
- https://access.redhat.com/errata/RHSA-2024:4646
- https://access.redhat.com/errata/RHSA-2024:4645
- https://bugzilla.redhat.com/show_bug.cgi?id=2295867
- agent/type
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/softwarecombine
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-39936
- vendor/qt
- canonical/qt qt
- version/qt qt/6.0.0
- version/qt qt/6.3.0
- version/qt qt/6.6.0