ByteOS Network

Vulnerability Details :

CVE-2024-39936

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-04 Jul, 2024 | 00:00

Updated At-19 Mar, 2025 | 20:03

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:04 Jul, 2024 | 00:00

Updated At:19 Mar, 2025 | 20:03

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

Metrics

Version	Base score	Base severity	Vector
3.1	8.6	HIGH	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N

References

Hyperlink	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/571601	N/A

Hyperlink: https://codereview.qt-project.org/c/qt/qtbase/+/571601

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-367	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Type: CWE

CWE ID: CWE-367

Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/571601	x_transferred

Hyperlink: https://codereview.qt-project.org/c/qt/qtbase/+/571601

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:04 Jul, 2024 | 21:15

Updated At:19 Mar, 2025 | 20:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

qt>>qt>>Versions before 5.15.18(exclusive)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

qt>>qt>>Versions from 6.0.0(inclusive) to 6.2.13(exclusive)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

qt>>qt>>Versions from 6.3.0(inclusive) to 6.5.7(exclusive)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

qt>>qt>>Versions from 6.6.0(inclusive) to 6.7.3(exclusive)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-367	Primary	nvd@nist.gov
CWE-367	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-367

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-367

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/571601	cve@mitre.org	Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/571601	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://codereview.qt-project.org/c/qt/qtbase/+/571601

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://codereview.qt-project.org/c/qt/qtbase/+/571601

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Similar CVEs

5Records found

CVE-2023-23520

Matching Score-4

Assigner-Apple Inc.

View Details

Matching Score-4

Assigner-Apple Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 24.35%

7 Day CHG~0.00%

Published-27 Feb, 2023 | 00:00

Updated-11 Mar, 2025 | 18:15

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.

Vendor-Apple Inc.

Product-macos iphone_os ipados watchOS macOS tvOS iOS and iPadOS

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2022-3590

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-19.80% / 95.23%

7 Day CHG~0.00%

Published-14 Dec, 2022 | 08:33

Updated-21 Apr, 2025 | 15:15

WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.

Vendor-WordPress WordPress.org

Product-wordpress WordPress

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2021-30343

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.18% / 39.50%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 10:11

Updated-03 Aug, 2024 | 22:32

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Vendor-Qualcomm Technologies, Inc.

Product-wcn3991_firmware wsa8830 sd678 sm6250p_firmware qca8337 wcd9360_firmware sdx65 wcn3950_firmware sd765g_firmware qca6595au_firmware qca6390_firmware sd690_5g sd730_firmware wcd9370 sd_675_firmware sd675_firmware qca6426 wcn3998 wcd9385_firmware sdxr2_5g_firmware wcn3950 sd720g sd_8_gen1_5g_firmware sm6375_firmware sm7315_firmware qca6574au_firmware sdx55_firmware qca6595au qca8081_firmware wcd9375_firmware wcn3998_firmware sm7250p_firmware wcd9360 qca6436_firmware sd778g sa515m_firmware qcs6490 sdxr2_5g wcn3988_firmware sm6250 sd778g_firmware wsa8810_firmware sd765g sd765_firmware qca6436 wcn6851 qca8081 wcd9385 wcd9341 qca6696_firmware qcs6490_firmware sd750g sd870_firmware qca6390 ar8035 sd750g_firmware wcd9375 sm6250_firmware wsa8830_firmware sd865_5g_firmware qcm6490 sd888_5g_firmware wcn3988 wcn6850_firmware wsa8815_firmware wsa8835_firmware qcx315 sm8475 wcn6750_firmware sm6375 wcn3991 qca8337_firmware wcd9380_firmware sd_675 sd780g sd865_5g sdx55m_firmware wcn6856_firmware sd888 wsa8835 qcx315_firmware wcd9380 sd888_5g sm6250p qca6574a sd690_5g_firmware wcn6855_firmware sm7325p wcn3980 wcn6750 sa515m wsa8815 sm7325p_firmware wcn6850 sd765 qca6426_firmware qca6574a_firmware sd768g_firmware wcn3980_firmware sm7315 sd730 qca6391 sdx55m wcn6740_firmware sdx65_firmware sd678_firmware qcm6490_firmware sd480_firmware wcn6851_firmware qca6574au wcd9341_firmware sd480 sd870 wsa8810 wcn6855 wcn6856 sd768g wcn6740 qca6696 qca6391_firmware sd780g_firmware wcd9370_firmware sdx55 sd888_firmware sd675 sm7250p sd720g_firmware ar8035_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2024-9512

Matching Score-4

Assigner-GitLab Inc.

View Details

Matching Score-4

Assigner-GitLab Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.01% / 0.88%

7 Day CHG~0.00%

Published-12 Jun, 2025 | 14:02

Updated-08 Aug, 2025 | 18:22

Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Vendor-GitLab Inc.

Product-gitlab GitLab

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2021-30342

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.36% / 57.15%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 10:11

Updated-03 Aug, 2024 | 22:32

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

Vendor-Qualcomm Technologies, Inc.

Product-fsm10055 qca9377_firmware mdm9150_firmware wcn3991_firmware sd678 mdm9640_firmware sa6150p_firmware sa8145p_firmware qcs610 sm6250p_firmware wsa8830 qcs2290_firmware fsm10056 sd7c_firmware csrb31024 mdm9628_firmware mdm9650 fsm10055_firmware qcs4290 wcn3950_firmware mdm9250 sa8150p_firmware qca6420_firmware qca6595au_firmware qcs2290 sd730_firmware wcd9370 sd_675_firmware sd675_firmware qcs6125_firmware qca6584au_firmware qca9377 sa415m wcn3998 sdw2500_firmware sd_8cx_gen2_firmware wcn3950 mdm9628 sd720g mdm9206_firmware qsw8573_firmware sd662 sd460_firmware qca6584 qca6574au_firmware qca6595au sdx12_firmware wcd9375_firmware wcn3998_firmware msm8909w apq8009w_firmware qca6420 wcn3610_firmware mdm9207 qca6564au_firmware qca6584au sa6155p_firmware qca9367_firmware sd680_firmware wcd9306 mdm8207 sd_8cx_gen2 sd429 qca9367 qcs6125 qca4004_firmware mdm9607_firmware sd662_firmware mdm9655_firmware sa415m_firmware wcn3988_firmware qca6430 sa6145p_firmware sd205 sd429_firmware sm6250 wcd9306_firmware sa8195p apq8017_firmware sw5100 fsm10056_firmware sd680 sa6155p qca6174a_firmware mdm9250_firmware qcs4290_firmware mdm9655 qca6696_firmware wcn3910_firmware wcd9375 aqt1000 sa8150p sm6250_firmware mdm9207_firmware qca4004 wsa8830_firmware sda429w sd210 sd855_firmware sd660 wcn3620_firmware sdx20_firmware wcn3988 wsa8835_firmware sd660_firmware wcn3620 sa8195p_firmware apq8017 qca6564a wcn3610 qcm6125_firmware mdm9640 qcm2290_firmware wcn3991 sda429w_firmware wcd9380_firmware sd_675 sdm429w msm8996au_firmware sw5100p wcd9330 qca6564au sdx24 msm8909w_firmware qca6574 msm8996au sdm429w_firmware wsa8835 sd665_firmware wcd9380 sd850 sm6250p qcs410 qca6574a mdm9206 qca6174a sdx24_firmware qca6430_firmware sd439_firmware qsw8573 mdm9205 qca6574_firmware sd855 sd665 sd7c wcn3910 qca6584_firmware mdm9650_firmware qca6574a_firmware sd850_firmware sd460 sd730 sdxr1_firmware wcd9330_firmware aqt1000_firmware sd678_firmware qcm4290 csrb31024_firmware sdx20 qca6574au sa8155p_firmware mdm9607 sd205_firmware qca6564a_firmware apq8009w qcm6125 qcm4290_firmware sw5100p_firmware sd210_firmware qcs610_firmware mdm9150 sa6145p sdxr1 apq8096au sa8145p mdm8207_firmware qca6696 mdm9205_firmware wcd9370_firmware sa6150p sdw2500 apq8096au_firmware sa8155p sd675 sd439 sd720g_firmware sdx12 sw5100_firmware qcs410_firmware qcm2290 Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2024-39936

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs