
CVE-2024-39936

Published: 04 Jul 2024
Source: debian
EPSS: Low

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| qt6-base | fixed | 6.8.2+dfsg-5 | | package |
| qt6-base | no-dsa | | bookworm | package |
| qtbase-opensource-src | fixed | 5.15.13+dfsg-3 | | package |
| qtbase-opensource-src | fixed | 5.15.8+dfsg-11+deb12u3 | bookworm | package |
| qtbase-opensource-src | no-dsa | | bullseye | package |
| qtbase-opensource-src-gles | fixed | 5.15.15+dfsg-1 | experimental | package |
| qtbase-opensource-src-gles | unfixed | | | package |

Notes

  • https://codereview.qt-project.org/c/qt/qtbase/+/571601

  • https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=b1e75376cc3adfc7da5502a277dfe9711f3e0536

  • https://github.com/qt/qtbase/commit/0fb43e4395da34d561814242a0186999e4956e28 (v6.8.0-beta3)

  • The -gles package doesn't build the HTTP2 code, only included in the source package

EPSS

Percentile: 36%
0.00151
Low

Related vulnerabilities

CVSS3: 8.6
ubuntu
more than 1 year ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 7.5
redhat
more than 1 year ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 8.6
nvd
more than 1 year ago

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

CVSS3: 5.9
msrc
about 1 year ago

No description available

rocky
more than 1 year ago

Important: qt5-qtbase security update
