[NGINX:CVE-2024-32760] Buffer overwrite in HTTP/3

Severity Medium

Affected Packages 2

Unaffected Packages 2

CVEs 1

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

Package	Affected Version
pkg:nginx/nginx	>= 1.25.0, <= 1.25.5
pkg:nginx/nginx	>= 1.26.0

Package	Unaffected Version
pkg:nginx/nginx	>= 1.27.0
pkg:nginx/nginx	>= 1.26.1

ID

NGINX:CVE-2024-32760

Severity

medium

Published

2024-05-29T16:15:10
(3 months ago)

Modified

2024-05-29T16:15:10
(3 months ago)

Rights

NGINX Security Team

Other Advisories

Type	Package URL	Name / Product	Version
Affected	pkg:nginx/nginx	nginx	>= 1.25.0 <= 1.25.5
Affected	pkg:nginx/nginx	nginx	>= 1.26.0
Unaffected	pkg:nginx/nginx	nginx	>= 1.27.0
Unaffected	pkg:nginx/nginx	nginx	>= 1.26.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date