CVE-2024-39936

Summary

CVE-2024-39936 is a vulnerability affecting HTTP2 in Qt versions before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. This issue arises from premature execution of code that makes security-relevant decisions about an established connection. Specifically, the encrypted() signal, which is expected to be emitted and processed before such decisions, may not have been fully processed yet. This could potentially allow an attacker to manipulate the connection before the necessary security checks are applied.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.