Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate
CVE-2024-32760
What is CVE-2024-32760?
The vulnerability identified as CVE-2024-32760 affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential to cause NGINX worker processes to terminate or have other impacts due to undisclosed HTTP/3 encoder instructions. The vulnerability has a base severity of MEDIUM and a base score of 6.5 according to the CVSS 3.1 scoring system. There is no known exploitation of this vulnerability by ransomware groups at this time.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NGINX Open Source 1.25.0 < 1.26.1
NGINX Plus R30
News Articles
feedgrid.io
New CVE-2024-32760 in nginx 1Â day, 23Â hours ago Internet Bug Bounty disclosed a bug submitted by noentry:...
CVE-2024-32760 Description, Impact and Technical Details
This vulnerability, identified as CVE-2024-32760, affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential…
Nginx - [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,...
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session...
References
CVSS V3.1
Timeline
- đź“°
First article discovered by Centmin Mod
Vulnerability published
Vulnerability Reserved