vulnerability
Oracle Linux: CVE-2024-39936: ELSA-2024-4617: qt5-qtbase security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jul 4, 2024 | Aug 16, 2024 | Dec 3, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jul 4, 2024
Added
Aug 16, 2024
Modified
Dec 3, 2025
Description
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending data to an incorrect or malicious server.
Solutions
oracle-linux-upgrade-qt5-qtbaseoracle-linux-upgrade-qt5-qtbase-commonoracle-linux-upgrade-qt5-qtbase-develoracle-linux-upgrade-qt5-qtbase-docoracle-linux-upgrade-qt5-qtbase-examplesoracle-linux-upgrade-qt5-qtbase-guioracle-linux-upgrade-qt5-qtbase-mysqloracle-linux-upgrade-qt5-qtbase-odbcoracle-linux-upgrade-qt5-qtbase-postgresqloracle-linux-upgrade-qt5-qtbase-private-develoracle-linux-upgrade-qt5-qtbase-staticoracle-linux-upgrade-qt5-rpm-macros
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.