Vulnerability Details CVE-2024-32760
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v3 Score 6.5
References
- http://www.openwall.com/lists/oss-security/2024/05/30/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/
- https://my.f5.com/manage/s/article/K000139609
- http://www.openwall.com/lists/oss-security/2024/05/30/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/
- https://my.f5.com/manage/s/article/K000139609
Products affected by CVE-2024-32760
-
cpe:2.3:a:f5:nginx_open_source:1.25.0
-
cpe:2.3:a:f5:nginx_open_source:1.25.1
-
cpe:2.3:a:f5:nginx_open_source:1.25.2
-
cpe:2.3:a:f5:nginx_open_source:1.25.3
-
cpe:2.3:a:f5:nginx_open_source:1.25.4
-
cpe:2.3:a:f5:nginx_plus:r30
-
cpe:2.3:a:f5:nginx_plus:r31
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40