CVE-2024-39936 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
mitre	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Vendor	Product	Version
qt	qt	𝑥 < 5.15.18
qt	qt	6.0.0 ≤ 𝑥 < 6.2.13
qt	qt	6.3.0 ≤ 𝑥 < 6.5.7
qt	qt	6.6.0 ≤ 𝑥 < 6.7.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qt6-base

bookworm	no-dsa
bullseye	no-dsa
trixie	6.8.2+dfsg-9 fixed
forky	6.8.2+dfsg-10 fixed
sid	6.8.2+dfsg-10 fixed

qtbase-opensource-src

bullseye	no-dsa
bookworm	5.15.8+dfsg-11+deb12u3 no-dsa
forky	5.15.15+dfsg-6 fixed
sid	5.15.15+dfsg-6 fixed
trixie	5.15.15+dfsg-6 fixed

qtbase-opensource-src-gles

bullseye	no-dsa
bookworm	no-dsa
forky	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

qtbase-opensource-src

plucky	not-affected
oracular	ignored
noble	needed
mantic	ignored
jammy	needed
focal	needed
bionic	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

References

https://codereview.qt-project.org/c/qt/qtbase/+/571601

https://codereview.qt-project.org/c/qt/qtbase/+/571601