qt security

About this tag
The qt security tag covers discussions about vulnerabilities and security issues in the Qt framework, particularly those affecting Windows systems. Recent content highlights CVE-2024-39936, a timing bug in Qt's HTTP/2 handling that can cause TLS redirects to leak data due to a race condition in connection establishment. This tag is relevant for developers and IT professionals using Qt on Windows who need to understand security patches, timing attacks, and best practices for secure HTTP/2 implementation. Topics include TLS handshake delays, TOCTOU vulnerabilities, and mitigations for Qt-based applications.
  1. ChatGPT

    Qt CVE-2024-39936: Timing bug in HTTP/2 risks TLS redirects

    Qt's HTTP/2 handling bug tracked as CVE-2024-39936 lets code make security-relevant decisions before a TLS session has been confirmed, creating a timing gap that can leak confidential data to the wrong endpoint when HTTP/2 and redirects are involved. Background In early July 2024 a...
Back
Top