VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-erw1-majr-aaak

Essentials
Severities (90)
References (18)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-erw1-majr-aaak
Aliases	CVE-2024-39936
Summary	qtbase: qtbase: Delay any communication until encrypted() can be responded to
Status	Published
Exploitability	0.5
Weighted Severity	7.7
Risk	3.9
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json
cvssv3	8.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
epss	0.00231	https://api.first.org/data/v1/epss?cve=CVE-2024-39936
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2024-39936
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2024-39936

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-39936
		https://codereview.qt-project.org/c/qt/qtbase/+/571601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1076292		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076292
2295867		https://bugzilla.redhat.com/show_bug.cgi?id=2295867
cpe:2.3:a:qt:qt::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:qt:qt::::::::
CVE-2024-39936		https://nvd.nist.gov/vuln/detail/CVE-2024-39936
RHSA-2024:4617		https://access.redhat.com/errata/RHSA-2024:4617
RHSA-2024:4621		https://access.redhat.com/errata/RHSA-2024:4621
RHSA-2024:4623		https://access.redhat.com/errata/RHSA-2024:4623
RHSA-2024:4638		https://access.redhat.com/errata/RHSA-2024:4638
RHSA-2024:4639		https://access.redhat.com/errata/RHSA-2024:4639
RHSA-2024:4644		https://access.redhat.com/errata/RHSA-2024:4644
RHSA-2024:4645		https://access.redhat.com/errata/RHSA-2024:4645
RHSA-2024:4646		https://access.redhat.com/errata/RHSA-2024:4646
RHSA-2024:4647		https://access.redhat.com/errata/RHSA-2024:4647

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-39936

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-39936

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19114
EPSS Score	0.00072
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-07-05T06:07:29.858739+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39936.json	34.0.0rc4