
CVE-2024-32760

Severity: Medium
CVSS Score: 6.5
Published: May 29, 2024
Last Modified: Jan 24, 2025

Vulnerability Description

When NGINX Plus or NGINX OSS is configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: N
Scope: U
Confidentiality: N
Integrity: L
Availability: L

Known Affected Software

9 configuration(s) from 2 vendor(s)

nginx_open_source, Version: 1.25.2, CPE: cpe:2.3:a:f5:nginx_open_source:1.25.2:*:*:*:*:*:*:*
nginx_open_source, Version: 1.25.0, CPE: cpe:2.3:a:f5:nginx_open_source:1.25.0:*:*:*:*:*:*:*
nginx_open_source, Version: 1.25.4, CPE: cpe:2.3:a:f5:nginx_open_source:1.25.4:*:*:*:*:*:*:*
nginx_plus, Version: r30, CPE: cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
nginx_open_source, Version: 1.25.1, CPE: cpe:2.3:a:f5:nginx_open_source:1.25.1:*:*:*:*:*:*:*
nginx_plus, Version: r31, CPE: cpe:2.3:a:f5:nginx_plus:r31:p2:*:*:*:*:*:*
nginx_open_source, Version: 1.25.3, CPE: cpe:2.3:a:f5:nginx_open_source:1.25.3:*:*:*:*:*:*:*
fedora, Version: 40, CPE: cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
fedora, Version: 39, CPE: cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

This vulnerability affects 9 software configuration(s). Ensure you patch all affected systems.

Severity Details

6.5 out of 10.0 (Medium)

Weakness Type (CWE)

CWE-787: Out-of-bounds Write (Top 25 #2)

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base

Key Information

Published Date: May 29, 2024