Vulnerabilities > CVE-2024-32760 - Out-of-bounds Write vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

fedoraproject

CWE-787

NVD

Published: 2024-05-29

Updated: 2025-01-24

Summary

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 Nginx Plus R30 F5 Nginx Plus R31 F5 Nginx Open Source 1.25.0 F5 Nginx Open Source 1.25.1 F5 Nginx Open Source 1.25.2 F5 Nginx Open Source 1.25.3 F5 Nginx Open Source 1.25.4	10
OS	Fedoraproject Fedoraproject Fedora 39 Fedoraproject Fedora 40	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://www.openwall.com/lists/oss-security/2024/05/30/4
http://www.openwall.com/lists/oss-security/2024/05/30/4
https://lists.fedoraproject.org/archives/list/[email protected]/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/
https://my.f5.com/manage/s/article/K000139609
https://my.f5.com/manage/s/article/K000139609