Описание
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 requests can trigger a stack-based buffer overflow, causing worker processes to crash and lead to a denial of service.
Отчет
To exploit this flaw, a request must be specifically timed during the connection draining process, which the attacker has no visibility and limited influence. For this reason, this flaw has been rated with a Moderate severity. The nginx package as shipped in Red Hat Enterprise Linux 8, 9 and RHSCL is not affected by this vulnerability because the support for HTTP/3 is not enabled and the vulnerable code was introduced in a later version of nginx.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx:1.22/nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx:1.24/nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx:1.22/nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx:1.24/nginx | Not affected | ||
| Red Hat Software Collections | rh-nginx118-nginx | Not affected | ||
| Red Hat Software Collections | rh-nginx120-nginx | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
Уязвимость модуля HTTP/3 QUIC (ngx_http_v3_module) веб-серверов NGINX Plus и NGINX OSS, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3