- Description
- An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E12B8628-DB3E-4ED1-9D7F-261C5895F69E",
"versionEndExcluding": "5.15.18"
},
{
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "838DE514-7032-40DC-AF57-1661CB8FAFB5",
"versionEndExcluding": "6.2.13",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E25AAED6-E83F-4CB9-8CE2-428F76942B68",
"versionEndExcluding": "6.5.7",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1030EC9F-B558-4FA9-A31D-2053DEA52F3A",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "6.6.0"
}
],
"operator": "OR"
}
]
}
]