Lucene search
F5CVELIST:CVE-2024-32760HistoryMay 29, 2024 - 4:02 p.m.
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
2024-05-2916:02:04
CWE-787
f5
www.cve.org
12
nginx
http/3
quic
vulnerability
encoder
instructions
worker processes
terminate
potential impact
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
15.5%
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "R32",
"status": "affected",
"version": "R30",
"versionType": "custom"
}
]
}
]Related
redhatcve
redhatcve
CVE-2024-32760
2024-05-30 08:33:44
debiancve
debiancve
CVE-2024-32760
2024-05-29 16:15:10
nginx
nginx
Buffer overwrite in HTTP/3
2024-05-29 16:15:10
osv
osv
CGA-4m7q-3jxm-w892
2024-06-06 12:22:39
CGA-2vg7-8gww-prh8
2024-07-15 21:51:11
CGA-gcq3-mr9r-vh46
2024-07-15 21:58:22
ubuntucve
ubuntucve
CVE-2024-32760
2024-05-29 00:00:00
redos
redos
ROS-20240702-07
2024-07-02 00:00:00
vulnrichment
vulnrichment
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
2024-05-29 16:02:04
hackerone
hackerone
Internet Bug Bounty: CVE-2024-32760 in nginx
2024-05-30 09:25:02
cve
cve
CVE-2024-32760
2024-05-29 16:15:10
alpinelinux
alpinelinux
CVE-2024-32760
2024-05-29 16:15:10
f5
f5
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
2024-05-29 00:00:00
K000139628: Out-of-band Security Notification (May 29, 2024)
2024-05-29 00:00:00
wolfi
wolfi
CVE-2024-32760 vulnerabilities
2024-09-22 18:18:07
nvd
nvd
CVE-2024-32760
2024-05-29 16:15:10
nessus
nessus
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)
2024-05-30 00:00:00
Fedora 39 : nginx (2024-2e4858330c)
2024-06-08 00:00:00
Photon OS 5.0: Nginx PHSA-2024-5.0-0302
2024-07-24 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-2e4858330c)
2024-06-09 00:00:00
Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities
2024-05-31 00:00:00
Fedora: Security Advisory (FEDORA-2024-06e6dcbb42)
2024-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: nginx-1.26.1-1.fc39
2024-06-08 19:35:25
[SECURITY] Fedora 40 Update: nginx-1.26.1-1.fc40
2024-06-08 05:23:22
freebsd
freebsd
nginx -- Multiple Vulnerabilities in HTTP/3
2024-05-29 00:00:00
ibm
ibm
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0638
2024-06-24 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0302
2024-06-24 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
15.5%
Related for CVELIST:CVE-2024-32760