PT-2024-28743 · Qt Company+11 · Qt+11
Published
2024-06-25
·
Updated
2026-03-05
·
CVE-2024-39936
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 5.15.18
Qt versions 6.x prior to 6.2.13
Qt versions 6.3.x through 6.5.x prior to 6.5.7
Qt versions 6.6.x through 6.7.x prior to 6.7.3
Description
An issue was discovered in HTTP2 in Qt where code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Recommendations
For Qt versions prior to 5.15.18, update to version 5.15.18 or later.
For Qt versions 6.x prior to 6.2.13, update to version 6.2.13 or later.
For Qt versions 6.3.x through 6.5.x prior to 6.5.7, update to version 6.5.7 or later.
For Qt versions 6.6.x through 6.7.x prior to 6.7.3, update to version 6.7.3 or later.
Fix
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Qt
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu