Описание
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
A flaw was found in the nginx HTTP/3 implementation. If the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can trigger a use-after-free condition, causing worker processes to leak previously freed memory.
Отчет
This flaw allows an attacker to cause a memory leak. However, the leaked memory is random, can't be controlled by the attacker, and does not include nginx configuration or private keys. For these reasons, this flaw has been rated with a Moderate severity. The nginx package as shipped in Red Hat Enterprise Linux 8, 9 and RHSCL is not affected by this vulnerability because the support for HTTP/3 is not enabled and the vulnerable code was introduced in a later version of nginx.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx:1.22/nginx | Not affected | ||
| Red Hat Enterprise Linux 8 | nginx:1.24/nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx:1.22/nginx | Not affected | ||
| Red Hat Enterprise Linux 9 | nginx:1.24/nginx | Not affected | ||
| Red Hat Software Collections | rh-nginx118-nginx | Not affected | ||
| Red Hat Software Collections | rh-nginx120-nginx | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
Уязвимость модуля HTTP/3 QUIC (ngx_http_v3_module) веб-серверов NGINX Plus и NGINX OSS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
5.3 Medium
CVSS3