
256 matches found

CNNVD
added 2024/07/05 12:0 a.m. • 2 views

Containous Traefik Security Vulnerability

Containous Traefik is an open source reverse proxy and load balancing tool. A security vulnerability exists in Containous Traefik versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3, which stems from a vulnerability that allows HTTP/3 Early Data Requests in the QUIC 0-RTT handshake sent via a spoofed ...

CVSS 7.5, AI score 9.1, EPSS 0.00177
Exploits: 0, References: 6
Redos
added 2024/07/03 12:0 a.m. • 275 views

ROS-20240702-07

A vulnerability in the HTTP/3 QUIC module ngx_http_v3_module of NGINX Plus and NGINX OSS web servers is related to writing outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by using specially crafted HTTP/3...

CVSS 6.5, AI score 6.9, EPSS 0.00497
Exploits: 0
FreeBSD
added 2024/07/02 12:0 a.m. • 13 views

traefik -- Bypassing IP allow-lists via HTTP/3 early data requests

The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses...

CVSS 7.5, AI score 6.9, EPSS 0.00177
Exploits: 0, References: 1
Tenable Nessus
added 2024/06/08 12:0 a.m. • 27 views

Fedora 39 : nginx (2024-2e4858330c)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e4858330c advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...

CVSS 6.5, AI score 6.5, EPSS 0.00832
Exploits: 0, References: 5
Tenable Nessus
added 2024/06/08 12:0 a.m. • 31 views

Fedora 40 : nginx (2024-06e6dcbb42)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-06e6dcbb42 advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...

CVSS 6.5, AI score 6.5, EPSS 0.00832
Exploits: 0, References: 5
OSV
added 2024/06/06 12:12 a.m. • 7 views

OSV-2024-538 Use-of-uninitialized-value in QUICVariableInt::size

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69001; Crash type: Use-of-uninitialized-value; Crash state: QUICVariableInt::size, Http3SettingsFrame::Http3SettingsFrame, Http3FrameFactory::create...

AI score 7.2
Exploits: 0, References: 1
OSV
added 2024/06/04 9:50 a.m. • 27 views

BIT-NGINX-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5, AI score 7.5, EPSS 0.00831
Exploits: 0, References: 3
OSV
added 2024/06/04 9:50 a.m. • 45 views

BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5, AI score 7.5, EPSS 0.00314
Exploits: 0, References: 3
OSV
added 2024/06/04 9:50 a.m. • 21 views

BIT-NGINX-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

CVSS 4.8, AI score 5.1, EPSS 0.00832
Exploits: 0, References: 5
OSV
added 2024/06/04 9:49 a.m. • 32 views

BIT-NGINX-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...

CVSS 6.5, AI score 6.5, EPSS 0.00497
Exploits: 0, References: 5
OSV
added 2024/06/04 9:49 a.m. • 23 views

BIT-NGINX-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

CVSS 5.3, AI score 5.3, EPSS 0.00739
Exploits: 0, References: 5
OSV
added 2024/06/04 9:49 a.m. • 21 views

BIT-NGINX-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

CVSS 5.3, AI score 5.4, EPSS 0.00446
Exploits: 0, References: 5
OpenVAS
added 2024/05/31 12:0 a.m. • 38 views

Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities

Nginx is prone to multiple HTTP/3 vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nginx:nginx"; if(description)...

CVSS 6.5, AI score 7.2, EPSS 0.00832
Exploits: 0, References: 5
Hacker One
added 2024/05/30 9:27 a.m. • 52 views

Internet Bug Bounty: CVE-2024-31079 in nginx

CVE-2024-31079 was discovered in the NGINX HTTP/3 QUIC module. When NGINX Plus or NGINX OSS were configured to use this module, undisclosed HTTP/3 requests could cause NGINX worker processes to terminate or experience other potential impact. The vulnerability was classified as a stack-based buffe...

CVSS 4.8, AI score 5.8, EPSS 0.00832
Exploits: 0
Hacker One
added 2024/05/30 9:25 a.m. • 71 views

Internet Bug Bounty: CVE-2024-32760 in nginx

CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...

CVSS 6.5, AI score 6.4, EPSS 0.00497
Exploits: 0
Hacker One
added 2024/05/30 9:19 a.m. • 47 views

Internet Bug Bounty: CVE-2024-35200 in nginx

CVE-2024-35200 was discovered in NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. Undisclosed HTTP/3 requests were found to cause NGINX worker processes to terminate...

CVSS 5.3, AI score 5.8, EPSS 0.00446
Exploits: 0
RedhatCVE
added 2024/05/30 8:33 a.m. • 35 views

CVE-2024-35200

A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker using a specially crafted QUIC session to trigger a NULL pointer dereference error, causing worker processes to crash and leading to a denial of service. Mitigation: Mitigation for this issue is either not available...

CVSS 7.5, AI score 5.9, EPSS 0.00446
Exploits: 0, References: 4
RedhatCVE
added 2024/05/30 8:33 a.m. • 25 views

CVE-2024-34161

A flaw was found in the nginx HTTP/3 implementation. If the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can trigger a use-after-free condition, causing worker processes to leak previously freed memory. Mitigati...

CVSS 5.3, AI score 5.9, EPSS 0.00739
Exploits: 0, References: 4
RedhatCVE
added 2024/05/30 8:33 a.m. • 27 views

CVE-2024-31079

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 requests can trigger a stack-based buffer overflow, causing worker processes to crash and leading to a denial of service. Mitigation: Mitigation for this issue is either not available or the currently available options do not mee...

CVSS 6.5, AI score 6.1, EPSS 0.00832
Exploits: 0, References: 4
RedhatCVE
added 2024/05/30 8:33 a.m. • 35 views

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.5, AI score 6.1, EPSS 0.00497
Exploits: 0, References: 4