260 matches found
CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...
CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-34161
CVE-2024-34161 affects NGINX Plus and NGINX Open Source when using the HTTP/3 QUIC module with MTU 4096+ without fragmentation. The root cause is in the HTTP/3 QUIC module (ngx_http_v3_module) handling QUIC packets, which can cause leakage of previously freed memory in NGINX worker processes. The...
Memory disclosure in HTTP/3
Memory disclosure in HTTP/3 Severity: medium CVE-2024-34161 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
NULL pointer dereference in HTTP/3
NULL pointer dereference in HTTP/3 Severity: medium CVE-2024-35200 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
CVE-2024-35200
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...
CVE-2024-35200
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...
CVE-2024-32760
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...
CVE-2024-31079 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...
CVE-2024-31079
CVE-2024-31079 affects NGINX Plus and NGINX Open Source when using the HTTP/3 QUIC module (ngx_http_v3_module). The underlying issue is triggered by undisclosed HTTP/3 requests timed during the connection draining process, causing worker processes to terminate or similar impact. Exploitation stat...
CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...
CVE-2024-31079
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...
CVE-2024-32760
CVE-2024-32760 affects NGINX Plus and NGINX Open Source when using the HTTP/3 QUIC module (ngx_http_v3_module). The root cause is undisclosed or unspecified HTTP/3 encoder instructions that can cause NGINX worker processes to terminate, leading to DoS or other impact. Observed impact in the conne...
Buffer overwrite in HTTP/3
Buffer overwrite in HTTP/3 Severity: medium CVE-2024-32760 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
Stack overflow and use-after-free in HTTP/3
Stack overflow and use-after-free in HTTP/3 Severity: medium CVE-2024-31079 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
CVE-2024-31079
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...