Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate
Key Information
- Vendor
- F5
- Status
- Nginx Open Source
- Nginx Plus
- Vendor
- CVE Published:
- 29 May 2024
Badges
Summary
The vulnerability identified as CVE-2024-32760 affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential to cause NGINX worker processes to terminate or have other impacts due to undisclosed HTTP/3 encoder instructions. The vulnerability has a base severity of MEDIUM and a base score of 6.5 according to the CVSS 3.1 scoring system. There is no known exploitation of this vulnerability by ransomware groups at this time.
Affected Version(s)
NGINX Open Source < 1.26.1
NGINX Plus < R30
News Articles
feedgrid.io
New CVE-2024-32760 in nginx 1Â day, 23Â hours ago Internet Bug Bounty disclosed a bug submitted by noentry:...
5 months ago
CVE-2024-32760 Description, Impact and Technical Details
This vulnerability, identified as CVE-2024-32760, affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential…
5 months ago
Nginx - [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,...
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session...
6 months ago
CVSS V3.1
Timeline
First article discovered by Centmin Mod
Vulnerability published.
Vulnerability Reserved.