Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2024-39936

Public on 2024-07-04
Modified on 2024-07-06
Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Severity
Important
See what this means
CVSS v3 Base Score
8.6
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core qt5-qtbase 2024-10-24 23:54 ALAS2-2024-2678
Amazon Linux 2 - Core qt5-qtgraphicaleffects 2024-10-24 23:54 ALAS2-2024-2672
Amazon Linux 2 - Core qt5-qtdeclarative 2024-10-24 23:54 ALAS2-2024-2676
Amazon Linux 2 - Core qt5-qtx11extras 2024-10-24 23:54 ALAS2-2024-2660
Amazon Linux 2 - Core qt5-qt3d 2024-10-24 23:54 ALAS2-2024-2659
Amazon Linux 2 - Core qt5-qtcanvas3d 2024-10-24 23:54 ALAS2-2024-2664
Amazon Linux 2 - Core qt5-qtimageformats 2024-10-24 23:54 ALAS2-2024-2671
Amazon Linux 2 - Core qt5-qtconnectivity 2024-10-24 23:54 ALAS2-2024-2673
Amazon Linux 2 - Core qt5-qtlocation 2024-10-24 23:54 ALAS2-2024-2670
Amazon Linux 2 - Core qt5-qtconnectivity 2024-10-24 23:54 ALAS2-2024-2673
Amazon Linux 2 - Core qt5-qtmultimedia 2024-10-24 23:54 ALAS2-2024-2669
Amazon Linux 2 - Core qt5-qtquickcontrols 2024-10-24 23:54 ALAS2-2024-2668
Amazon Linux 2 - Core qt5-qtscript 2024-10-24 23:54 ALAS2-2024-2667
Amazon Linux 2 - Core qt5-qtsensors 2024-10-24 23:54 ALAS2-2024-2666
Amazon Linux 2 - Core qt5-qtserialport 2024-10-24 23:54 ALAS2-2024-2665
Amazon Linux 2 - Core qt5-qtsvg 2024-10-24 23:54 ALAS2-2024-2663
Amazon Linux 2 - Core qt5-qttools 2024-10-24 23:54 ALAS2-2024-2677
Amazon Linux 2 - Core qt5-qtxmlpatterns 2024-10-24 23:54 ALAS2-2024-2674
Amazon Linux 2 - Core qt5-qtwebchannel 2024-10-24 23:54 ALAS2-2024-2662
Amazon Linux 2 - Core qt5 2024-10-24 23:54 ALAS2-2024-2675
Amazon Linux 2 - Core qt5-qtwebsockets 2024-10-24 23:54 ALAS2-2024-2661

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
NVD CVSSv3 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

References

Red Hat: CVE-2024-39936 Mitre: CVE-2024-39936 FAQs regarding Amazon Linux ALAS/CVE Severity