https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html

[nginx-announce] nginx security advisory (CVE-2024-24989,
CVE-2024-24990)

Sergey Kandaurov pluknet at nginx.com
Wed Feb 14 17:00:05 UTC 2024

  * Previous message (by thread): [nginx-announce] nginx-1.25.4
  * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------------------------------------------------------------------

Two security issues were identified in nginx HTTP/3 implementation,
which might allow an attacker that uses a specially crafted QUIC session
to cause a worker process crash (CVE-2024-24989, CVE-2024-24990) or
might have potential other impact (CVE-2024-24990).

The issues affect nginx compiled with the ngx_http_v3_module (not
compiled by default) if the "quic" option of the "listen" directive
is used in a configuration file.

The issue affects nginx 1.25.0 - 1.25.3.
The issue is fixed in nginx 1.25.4.


--
Sergey Kandaurov

---------------------------------------------------------------------

  * Previous message (by thread): [nginx-announce] nginx-1.25.4
  * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------------------------------------------------------------------
More information about the nginx-announce mailing list