CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

History

24 Jan 2025, 16:21

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/30/4 - () http://www.openwall.com/lists/oss-security/2024/05/30/4 - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/ - Third Party Advisory
References () https://my.f5.com/manage/s/article/K000139609 - () https://my.f5.com/manage/s/article/K000139609 - Vendor Advisory
First Time Fedoraproject fedora
F5
F5 nginx Open Source
Fedoraproject
F5 nginx Plus
CPE cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*

21 Nov 2024, 09:15

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/30/4 - () http://www.openwall.com/lists/oss-security/2024/05/30/4 -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/ -
References () https://my.f5.com/manage/s/article/K000139609 - () https://my.f5.com/manage/s/article/K000139609 -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Cuando NGINX Plus o NGINX OSS están configurados para usar el módulo HTTP/3 QUIC, las instrucciones del codificador HTTP/3 no divulgadas pueden hacer que los procesos de trabajo de NGINX finalicen o causen otro impacto potencial.
References
  • () http://www.openwall.com/lists/oss-security/2024/05/30/4 -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/ -

29 May 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-29 16:15

Updated : 2025-01-24 16:21


NVD link : CVE-2024-32760

Mitre link : CVE-2024-32760

CVE.ORG link : CVE-2024-32760


JSON object : View

Products Affected

fedoraproject

  • fedora

f5

  • nginx_open_source
  • nginx_plus
CWE
CWE-787

Out-of-bounds Write