Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate
CVE-2024-32760
Summary
CVE-2024-32760 affects NGINX Plus and NGINX OSS when they are configured to use the HTTP/3 QUIC module. Undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or have other impacts. The vulnerability has a base severity of MEDIUM and a base score of 6.5 under the CVSS 3.1 scoring system. There is no known exploitation of this vulnerability by ransomware groups at this time.
Affected Version(s)
NGINX Open Source 1.25.0 < 1.26.1
NGINX Plus R30
News Articles
feedgrid.io
New CVE-2024-32760 in nginx 1 day, 23 hours ago Internet Bug Bounty disclosed a bug submitted by noentry:...
7 months ago
CVE-2024-32760 Description, Impact and Technical Details
This vulnerability, identified as CVE-2024-32760, affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential…
7 months ago
Nginx - [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,...
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session...
8 months ago
Timeline
- 📰 First article discovered by Centmin Mod
- Vulnerability published
- Vulnerability Reserved