An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
References
Link | Resource |
---|---|
https://codereview.qt-project.org/c/qt/qtbase/+/571601 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Jul 2024, 16:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-367 | |
First Time |
Qt
Qt qt |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
References | () https://codereview.qt-project.org/c/qt/qtbase/+/571601 - Vendor Advisory | |
CPE | cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* |
05 Jul 2024, 12:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Jul 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-04 21:15
Updated : 2024-07-08 16:41
NVD link : CVE-2024-39936
Mitre link : CVE-2024-39936
CVE.ORG link : CVE-2024-39936
JSON object : View
Products Affected
qt
- qt
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition