mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
129 lines
4.1 KiB
JSON
129 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2024-39936",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-07-04T21:15:10.180",
|
|
"lastModified": "2024-11-21T09:28:36.910",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se descubri\u00f3 un problema en HTTP2 en Qt antes de 5.15.18, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.7 y 6.6.x hasta 6.7.x antes de 6.7.3. El c\u00f3digo para tomar decisiones relevantes para la seguridad sobre una conexi\u00f3n establecida puede ejecutarse demasiado pronto, porque la se\u00f1al encrypted() a\u00fan no se ha emitido ni procesado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "cve@mitre.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
|
|
"baseScore": 8.6,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 4.0
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 5.9,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.2,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-367"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "5.15.18",
|
|
"matchCriteriaId": "E12B8628-DB3E-4ED1-9D7F-261C5895F69E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.0.0",
|
|
"versionEndExcluding": "6.2.13",
|
|
"matchCriteriaId": "838DE514-7032-40DC-AF57-1661CB8FAFB5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.3.0",
|
|
"versionEndExcluding": "6.5.7",
|
|
"matchCriteriaId": "E25AAED6-E83F-4CB9-8CE2-428F76942B68"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.6.0",
|
|
"versionEndExcluding": "6.7.3",
|
|
"matchCriteriaId": "1030EC9F-B558-4FA9-A31D-2053DEA52F3A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |