UBUNTU-CVE-2024-39936

Source
https://ubuntu.com/security/CVE-2024-39936
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-39936.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-39936
Related
Published
2024-07-04T21:15:00Z
Modified
2024-11-20T12:27:46Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

References

Affected packages

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9
5.5.1+dfsg-6ubuntu4
5.5.1+dfsg-10ubuntu2
5.5.1+dfsg-13ubuntu1
5.5.1+dfsg-13ubuntu2
5.5.1+dfsg-13ubuntu3
5.5.1+dfsg-14ubuntu1
5.5.1+dfsg-14ubuntu2
5.5.1+dfsg-14ubuntu3
5.5.1+dfsg-15ubuntu1
5.5.1+dfsg-16ubuntu1
5.5.1+dfsg-16ubuntu6
5.5.1+dfsg-16ubuntu7
5.5.1+dfsg-16ubuntu7.1
5.5.1+dfsg-16ubuntu7.2
5.5.1+dfsg-16ubuntu7.5
5.5.1+dfsg-16ubuntu7.6
5.5.1+dfsg-16ubuntu7.7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-10ubuntu1
5.9.1+dfsg-10ubuntu2
5.9.2+dfsg-4ubuntu6
5.9.3+dfsg-0ubuntu1
5.9.3+dfsg-0ubuntu3
5.9.3+dfsg-0ubuntu4
5.9.4+dfsg-0ubuntu3
5.9.4+dfsg-0ubuntu4
5.9.5+dfsg-0ubuntu1
5.9.5+dfsg-0ubuntu2
5.9.5+dfsg-0ubuntu2.1
5.9.5+dfsg-0ubuntu2.3
5.9.5+dfsg-0ubuntu2.4
5.9.5+dfsg-0ubuntu2.5
5.9.5+dfsg-0ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-4ubuntu1
5.12.5+dfsg-2
5.12.5+dfsg-8
5.12.5+dfsg-8build1
5.12.5+dfsg-9build1
5.12.8+dfsg-0ubuntu1
5.12.8+dfsg-0ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-12
5.15.2+dfsg-13
5.15.2+dfsg-14
5.15.2+dfsg-14ubuntu1
5.15.2+dfsg-14ubuntu3
5.15.2+dfsg-15
5.15.3+dfsg-1
5.15.3+dfsg-2
5.15.3+dfsg-2ubuntu0.1
5.15.3+dfsg-2ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1ubuntu1
5.15.13+dfsg-4ubuntu1
5.15.15+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-3
5.15.10+dfsg-5
5.15.10+dfsg-5ubuntu1
5.15.12+dfsg-1ubuntu1
5.15.12+dfsg-3ubuntu1
5.15.12+dfsg-3ubuntu6
5.15.12+dfsg-3ubuntu7
5.15.13+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}