VDB
DEBIAN-CVE-2024-39936
DEBIAN-CVE-2024-39936
PUBLISHED
CVSS 5.900000095367432 MEDIUM
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | qtbase-opensource-src-gles | 0, 5.15.15+dfsg-2, 5.15.17+dfsg-1 |
| Debian:11 | qtbase-opensource-src-gles | 5.15.4+dfsg, 5.15.4+dfsg, 5.15.13+dfsg |
| Debian:12 | qtbase-opensource-src | 5.15.8+dfsg, 5.15.8+dfsg, 5.15.8+dfsg |
| Debian:13 | qtbase-opensource-src | 0, 0 |
| Debian:13 | qtbase-opensource-src-gles | 5.15.15+dfsg, 5.15.18+dfsg, 5.15.17+dfsg |
| Debian:13 | qt6-base | 0, 0 |
| Debian:14 | qt6-base | 0, 0 |
| Debian:14 | qtbase-opensource-src | 0, 0 |
| Debian:11 | qtbase-opensource-src | 5.15.2+dfsg, 0, 5.15.2+dfsg-9+deb11u1 |
| Debian:12 | qt6-base | 6.4.2+dfsg, 6.4.2+dfsg, 6.4.2+dfsg |
| Debian:12 | qtbase-opensource-src-gles | 0, 5.15.10+dfsg-1, 5.15.10+dfsg-5 |
Timeline
- Jul 4, 2024 CVE Published
- Apr 28, 2026 CVE Updated