Welcome! Log In Create A New Profile

Advanced

[nginx-announce] nginx security advisory (CVE-2024-24989, CVE-2024-24990)

Posted by Sergey Kandaurov 
Forum List Message List New Topic
Sergey Kandaurov
[nginx-announce] nginx security advisory (CVE-2024-24989, CVE-2024-24990)
February 14, 2024 12:02PM
Two security issues were identified in nginx HTTP/3 implementation,
which might allow an attacker that uses a specially crafted QUIC session
to cause a worker process crash (CVE-2024-24989, CVE-2024-24990) or
might have potential other impact (CVE-2024-24990).

The issues affect nginx compiled with the ngx_http_v3_module (not
compiled by default) if the "quic" option of the "listen" directive
is used in a configuration file.

The issue affects nginx 1.25.0 - 1.25.3.
The issue is fixed in nginx 1.25.4.


--
Sergey Kandaurov
_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-announce
Reply Quote
Newer Topic Older Topic
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 245
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready