Lucene search

[email protected]NVD:CVE-2024-39936

HistoryJul 04, 2024 - 9:15 p.m.

CVE-2024-39936

2024-07-0421:15:10

CWE-367

[email protected]

web.nvd.nist.gov

http2

security-relevant decisions

encrypted signal

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.3%

JSON

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed…

Affected configurations

Nvd

Node

qtqtRange<5.15.18

qtqtRange6.0.0–6.2.13

qtqtRange6.3.0–6.5.7

qtqtRange6.6.0–6.7.3

VendorProductVersionCPE
qtqt*cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qt	qt	*	cpe:2.3:a:qt:qt::::::::

References

codereview.qt-project.org/c/qt/qtbase/+/571601

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.3%

JSON

Related for NVD:CVE-2024-39936

vulnrichment1 nessus27 osv5 redhat11 openvas6 fedora4 cbl_mariner2 qt1 rocky2 oraclelinux3 redhatcve1 ubuntucve1 alpinelinux1 almalinux2 debiancve1 cvelist1 cve1 ibm1