← Back

CVE-2024-32760

nvd nist
Published: May 29, 2024Modified: Jan 24, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 / Impact: 2.5
Source: NVD

Description

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

Affected (8)

F5
2 products
Nginx Open Source
Nginx Plus
Fedoraproject
1 product
Fedora
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Nginx Open Source
From 1.25.0 to 1.26.1
F5
Nginx Plus
Version r30
Nginx Plus
Version r30 p1
Nginx Plus
Version r30 p2
Nginx Plus
Version r31
Nginx Plus
Version r31 p1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 39
Fedora
Version 40

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: f5sirt@f5.com
Mailing List
Source: f5sirt@f5.com
Third Party Advisory
Source: f5sirt@f5.com
Third Party Advisory
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.