CVE-2024-39936 | THREATINT

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

PUBLISHED Reserved 2024-07-04 | Published 2024-07-04 | Updated 2025-11-29 | Assigner mitre

HIGH: 8.6CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N

References

codereview.qt-project.org/c/qt/qtbase/+/571601

lists.debian.org/debian-lts-announce/2025/11/msg00031.html

codereview.qt-project.org/c/qt/qtbase/+/571601

cve.org (CVE-2024-39936)

nvd.nist.gov (CVE-2024-39936)

Download JSON