CVE-2024-24990
CVSS V2 None
CVSS V3 None
Description
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Overview
- CVE ID
- CVE-2024-24990
- Assigner
- f5
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-02-14T16:30:26.445Z
- Last Modified Date
- 2024-02-14T16:30:26.445Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000138445 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/05/30/4 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-24990 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24990 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 03:56:02 | Added to TrackCVE |