Описание
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| mantic | not-affected | code not present |
| noble | not-affected | code not present |
| trusty/esm | not-affected | code not present |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
Уязвимость модуля HTTP/3 QUIC (ngx_http_v3_module) веб-серверов NGINX Plus и NGINX OSS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.3 Medium
CVSS3