CVE-2024-39936

Published: 04 Jul 2024
Source: debian
EPSS: Low

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| qt6-base | fixed | 6.8.2+dfsg-5 | | package |
| qt6-base | no-dsa | | bookworm | package |
| qtbase-opensource-src | fixed | 5.15.13+dfsg-3 | | package |
| qtbase-opensource-src | fixed | 5.15.8+dfsg-11+deb12u3 | bookworm | package |
| qtbase-opensource-src | no-dsa | | bullseye | package |
| qtbase-opensource-src-gles | fixed | 5.15.15+dfsg-1 | experimental | package |
| qtbase-opensource-src-gles | unfixed | | | package |

Notes

  • https://codereview.qt-project.org/c/qt/qtbase/+/571601

  • https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536

  • https://github.com/qt/qtbase/commit/0fb43e4395da34d561814242a0186999e4956e28 (v6.8.0-beta3)

  • The -gles package doesn't build the HTTP2 code, only included in the source package

EPSS

Percentile: 29%
0.00101
Low

Related vulnerabilities

CVSS3: 8.6
ubuntu
12 months ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 7.5
redhat
12 months ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 8.6
nvd
12 months ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 5.9
msrc
10 months ago

No description available

rocky
11 months ago

Important: qt5-qtbase security update
