[NGINX:CVE-2024-24990] Use-after-free in HTTP/3
Severity: Major
Affected Packages: 1
Unaffected Packages: 1
CVEs: 1
When NGINX Plus or NGINX OSS is configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3: https://nginx.org/en/docs/quic.html.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 1.25.0, <= 1.25.3 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.25.4 |
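
An exposure check built from the two conditions above (version in the affected range, HTTP/3 QUIC module in use), as an added example that is not part of the advisory. It assumes the input is the text of `nginx -V` and of the effective configuration (for example from `nginx -T`), and treats the `--with-http_v3_module` build flag plus a `listen ... quic` directive as the sign that the module is in use; the sample strings are constructed.

```python
import re

# Affected range from the advisory table: >= 1.25.0, <= 1.25.3
AFFECTED_MIN, AFFECTED_MAX = (1, 25, 0), (1, 25, 3)

def parse_nginx_v(output):
    """Return (version tuple, built_with_http3) from `nginx -V` output."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", output)
    if m is None:
        raise ValueError("no nginx version line found")
    version = tuple(int(part) for part in m.groups())
    return version, "--with-http_v3_module" in output

def quic_listeners(config_text):
    """Return the listen directives that carry the `quic` parameter."""
    found = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments (naive: ignores quoting)
        for m in re.finditer(r"\blisten\s+([^;]+);", line):
            if "quic" in m.group(1).split():
                found.append(m.group(0))
    return found

def assess(nginx_v_output, config_text):
    """Combine both conditions; 'exposed' is True only when all of them hold."""
    version, http3_built = parse_nginx_v(nginx_v_output)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    listeners = quic_listeners(config_text)
    return {
        "version": ".".join(map(str, version)),
        "in_affected_range": in_range,
        "http3_built": http3_built,
        "quic_listeners": listeners,
        "exposed": in_range and http3_built and bool(listeners),
    }

# Constructed sample input, not taken from a real host.
SAMPLE_V = ("nginx version: nginx/1.25.3\n"
            "configure arguments: --with-http_ssl_module --with-http_v3_module\n")
SAMPLE_CONF = """
server {
    listen 443 ssl;
    listen 443 quic reuseport;
    # listen 8443 quic;
}
"""

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```

A host reported as exposed should move to an unaffected version (>= 1.25.4); a host in the affected range without a QUIC listener does not meet the advisory's stated condition but is still worth upgrading.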
- ID: NGINX:CVE-2024-24990
- Severity: major
- Published: 2024-02-14T17:15:15
- Modified: 2024-02-14T17:15:15
- Rights: NGINX Security Team