Unrated severityNVD Advisory· Published Jul 4, 2024· Updated Nov 29, 2025

CVE-2024-39936

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

Affected products

Qt/HTTP2description
osv-coords40 versions
pkg:rpm/almalinux/qt5-qtbase pkg:rpm/almalinux/qt5-qtbase-common pkg:rpm/almalinux/qt5-qtbase-devel pkg:rpm/almalinux/qt5-qtbase-examples pkg:rpm/almalinux/qt5-qtbase-gui pkg:rpm/almalinux/qt5-qtbase-mysql pkg:rpm/almalinux/qt5-qtbase-odbc pkg:rpm/almalinux/qt5-qtbase-postgresql pkg:rpm/almalinux/qt5-qtbase-private-devel pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/qt6-base-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 5.15.3-8.el8_10+ 39 more
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.3-8.el8_10
- (no CPE)range: < 5.15.8+kde185-150500.4.22.1
- (no CPE)range: < 5.15.12+kde151-150600.3.6.1
- (no CPE)range: < 5.15.14+kde143-1.1
- (no CPE)range: < 6.4.2-150500.3.20.2
- (no CPE)range: < 6.6.3-150600.3.3.1
- (no CPE)range: < 6.7.2-2.1
- (no CPE)range: < 6.4.2-150500.3.20.1
- (no CPE)range: < 6.6.3-150600.3.3.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 5.15.8+kde185-150500.4.22.1
- (no CPE)range: < 5.15.12+kde151-150600.3.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.22.1
- (no CPE)range: < 5.15.12+kde151-150600.3.6.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.12.7-150200.4.29.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 5.15.2+kde294-150400.6.15.1
- (no CPE)range: < 6.4.2-150500.3.20.2
- (no CPE)range: < 6.6.3-150600.3.3.1
- (no CPE)range: < 6.4.2-150500.3.20.2
- (no CPE)range: < 6.6.3-150600.3.3.1
- (no CPE)range: < 6.6.3-150600.3.3.1

Patches

92b685784960

https://github.com/qt/qtbasevia osv

commit

8c8e225029a8

https://github.com/qt/qtbasevia osv

commit

fc0e66eefe3a

https://github.com/qt/qtbasevia osv

commit

49adb85d3491

https://github.com/qt/qtbasevia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

codereview.qt-project.org/c/qt/qtbase/+/571601mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000