CVE-2024-32760
Published: 29 May 2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
Notes
Author | Note |
---|---|
sbeattie | QUIC support was added in nginx 1.25.0 |
Priority
Status
Package | Release | Status |
---|---|---|
nginx Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
noble |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|