[NGINX:CVE-2024-32760] Buffer overwrite in HTTP/3
Severity
Medium
Affected Packages
2
Unaffected Packages
2
CVEs
1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 1.25.0, <= 1.25.5 |
pkg:nginx/nginx | >= 1.26.0 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.27.0 |
pkg:nginx/nginx | >= 1.26.1 |
- ID
- NGINX:CVE-2024-32760
- Severity
- medium
- Published
-
2024-05-29T16:15:10
(3 months ago) - Modified
-
2024-05-29T16:15:10
(3 months ago) - Rights
- NGINX Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |