256 matches found
Use-after-free in HTTP/3
Use-after-free in HTTP/3 Severity: major CVE-2024-24990 Not vulnerable: 1.25.4+ Vulnerable: 1.25.0-1.25.3...
CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
Summary of CVE-2024-24990 (NGINX HTTP/3 QUIC): The issue affects NGINX Plus and NGINX Open Source when the HTTP/3 QUIC module is enabled. Undisclosed requests can trigger a denial-of-service by causing NGINX worker processes to terminate. In practice, this is a data-plane DoS with no control-plan...
CVE-2024-24989
CVE-2024-24989 affects NGINX Plus and NGINX Open Source when configured with the HTTP/3 QUIC module. The underlying issue is in the HTTP/3 QUIC module, which can cause NGINX worker processes to terminate, yielding a denial-of-service condition. The vulnerability is tied to the HTTP/3 QUIC module ...
CVE-2024-24989 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
CVE-2024-24989
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
nginx-devel -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...
Litespeed Technologie LiteSpeed QUIC Security Vulnerability
Litespeed Technologie LiteSpeed QUIC LSQUIC is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from Litespeed Technologie, USA. A security vulnerability exists in Litespeed Technologie LiteSpeed QUIC versions prior to 4.0.4, which stems from a mishandled...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
Memory corruption
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
FreeBSD : h2o -- uninitialised memory access in HTTP3 (1d3677a8-9143-42d8-84a3-0585644dff4b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1d3677a8-9143-42d8-84a3-0585644dff4b advisory. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access...