Home > Vulnerability Database > CVE-2024-39936

Mend.io Vulnerability Database

CVE-2024-39936

Date: July 3, 2024

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Language: C++

Severity Score

8.6

Related Resources (4)

Url: https://codereview.qt-project.org/c/qt/qtbase/+/571601

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39936

Url: https://security-tracker.debian.org/tracker/CVE-2024-39936

Url: https://www.mend.io/vulnerability-database/CVE-2024-39936

Severity Score

8.6

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39936

Date: July 3, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?