Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-32760

Опубликовано: 29 мая 2024
Источник: redhat
CVSS3: 7.5

Описание

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts.

Отчет

As this flaw allows a remote attacker to cause a denial of service, it has been rated with an important severity. The nginx package as shipped in Red Hat Enterprise Linux 8, 9 and RHSCL is not affected by this vulnerability because the support for HTTP/3 is not enabled and the vulnerable code was introduced in a later version of nginx.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2nginxNot affected
Red Hat Enterprise Linux 8nginx:1.22/nginxNot affected
Red Hat Enterprise Linux 8nginx:1.24/nginxNot affected
Red Hat Enterprise Linux 9nginxNot affected
Red Hat Enterprise Linux 9nginx:1.22/nginxNot affected
Red Hat Enterprise Linux 9nginx:1.24/nginxNot affected
Red Hat Software Collectionsrh-nginx118-nginxNot affected
Red Hat Software Collectionsrh-nginx120-nginxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2283933nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-32760

CVSS3: 6.5
ubuntu
около 1 года назад

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

nvd логотип

CVE-2024-32760

CVSS3: 6.5
nvd
около 1 года назад

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

debian логотип

CVE-2024-32760

CVSS3: 6.5
debian
около 1 года назад

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...

fstec логотип

BDU:2024-04388

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость модуля HTTP/3 QUIC (ngx_http_v3_module) веб-серверов NGINX Plus и NGINX OSS, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20240702-07

CVSS3: 7.5
redos
12 месяцев назад

Уязвимость nginx

7.5 High

CVSS3