All the vulnerabilites related to F5 - NGINX Open Source
cve-2024-35200
Vulnerability from cvelistv5
Published
2024-05-29 16:02
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Open Source |
Version: 1.25.0 < 1.26.1 |
||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx_plus", vendor: "f5", versions: [ { lessThanOrEqual: "r31", status: "affected", version: "r30", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx", vendor: "f5", versions: [ { lessThanOrEqual: "1.26.0", status: "affected", version: "1.25.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "39", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "40", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-35200", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:35:12.047696Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T20:51:58.724Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.774Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000139612", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.26.1", status: "affected", version: "1.25.0", versionType: "custom", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R32", status: "affected", version: "R30", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "F5 acknowledges Nils Bars of CISPA for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2024-05-29T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.", }, ], value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:02:05.342Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000139612", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], source: { discovery: "EXTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-35200", datePublished: "2024-05-29T16:02:05.342Z", dateReserved: "2024-05-14T16:31:57.502Z", dateUpdated: "2024-08-02T03:07:46.774Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34161
Vulnerability from cvelistv5
Published
2024-05-29 16:02
Modified
2024-08-02 02:51
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Open Source |
Version: 1.25.0 ≤ |
||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx_plus", vendor: "f5", versions: [ { lessThanOrEqual: "r31", status: "affected", version: "r30", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx", vendor: "f5", versions: [ { lessThanOrEqual: "1.26.0", status: "affected", version: "1.25.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34161", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:37:24.017204Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:56.027Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:51:10.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000139627", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.26.1", status: "affected", version: "1.25.0", versionType: "semver", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R32", status: "affected", version: "R30", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "F5", }, ], datePublic: "2024-05-29T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.", }, ], value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:02:05.696Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000139627", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], source: { discovery: "INTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-34161", datePublished: "2024-05-29T16:02:05.696Z", dateReserved: "2024-05-14T16:31:57.509Z", dateUpdated: "2024-08-02T02:51:10.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7347
Vulnerability from cvelistv5
Published
2024-08-14 14:32
Modified
2024-08-14 19:02
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
5.7 (Medium) - CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
▼ | URL | Tags |
---|---|---|
https://my.f5.com/manage/s/article/K000140529 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Open Source |
Version: 1.5.13 ≤ |
||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7347", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T15:27:31.795805Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T15:27:40.461Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-14T19:02:29.824Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/14/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "ngx_http_mp4_module", ], product: "NGINX Open Source", vendor: "F5", versions: [ { changes: [ { at: "1.26.2", status: "unaffected", }, { at: "1.27.1", status: "unaffected", }, ], lessThan: "*", status: "affected", version: "1.5.13", versionType: "semver", }, ], }, { defaultStatus: "unknown", modules: [ "ngx_http_m4_module", ], product: "NGINX Plus", vendor: "F5", versions: [ { changes: [ { at: "R31 P3", status: "unaffected", }, { at: "R32 P1", status: "unaffected", }, ], lessThan: "*", status: "affected", version: "R4", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "F5 acknowledges Nils Bars for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2024-08-14T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.</span> Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", }, ], value: "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "LOCAL", baseScore: 5.7, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-126", description: "CWE-126: Buffer Over-read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T15:08:07.257Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000140529", }, ], source: { discovery: "EXTERNAL", }, title: "NGINX MP4 module vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-7347", datePublished: "2024-08-14T14:32:33.913Z", dateReserved: "2024-07-31T17:59:09.786Z", dateUpdated: "2024-08-14T19:02:29.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24989
Vulnerability from cvelistv5
Published
2024-02-14 16:30
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
▼ | URL | Tags |
---|---|---|
https://my.f5.com/manage/s/article/K000138444 | vendor-advisory | |
http://www.openwall.com/lists/oss-security/2024/05/30/4 |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Plus |
Version: R31 < R31 P1 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000138444", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", "QUIC", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R31 P1", status: "affected", version: "R31", versionType: "custom", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", "QUIC", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.25.4", status: "affected", version: "1.25.3", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "F5", }, ], datePublic: "2024-02-14T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.</p><p><strong>Note</strong>: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://nginx.org/en/docs/quic.html\">Support for QUIC and HTTP/3</a>.<br><br>\n\nNOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n<br></p>\n\n<p></p>", }, ], value: "\nWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\n\nNote: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .\n\n\n\nNOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n\n\n\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-14T16:30:26.081Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000138444", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, ], source: { discovery: "INTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-24989", datePublished: "2024-02-14T16:30:26.081Z", dateReserved: "2024-02-02T00:32:55.375Z", dateUpdated: "2024-08-01T23:36:21.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31079
Vulnerability from cvelistv5
Published
2024-05-29 16:02
Modified
2024-08-02 01:46
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Open Source |
Version: 1.25.0 ≤ |
||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx_plus", vendor: "f5", versions: [ { lessThanOrEqual: "r31", status: "affected", version: "r30", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx", vendor: "f5", versions: [ { lessThanOrEqual: "1.26.0", status: "affected", version: "1.25.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-31079", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:38:41.360338Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:36:54.175Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:46:04.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000139611", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.26.1", status: "affected", version: "1.25.0", versionType: "semver", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R32", status: "affected", version: "R30", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "F5 acknowledges Nils Bars of CISPA for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2024-05-29T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.", }, ], value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:02:04.620Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000139611", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], source: { discovery: "EXTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-31079", datePublished: "2024-05-29T16:02:04.620Z", dateReserved: "2024-05-14T16:31:57.492Z", dateUpdated: "2024-08-02T01:46:04.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24990
Vulnerability from cvelistv5
Published
2024-02-14 16:30
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
▼ | URL | Tags |
---|---|---|
https://my.f5.com/manage/s/article/K000138445 | vendor-advisory | |
http://www.openwall.com/lists/oss-security/2024/05/30/4 |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Plus |
Version: R31 < R31 P1 Version: R30 < R30 P2 |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.362Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000138445", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", "QUIC", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R31 P1", status: "affected", version: "R31", versionType: "custom", }, { lessThan: "R30 P2", status: "affected", version: "R30", versionType: "custom", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", "QUIC", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.25.4", status: "affected", version: "1.25.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "F5", }, ], datePublic: "2024-02-14T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.</p><p><strong>Note</strong>: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://nginx.org/en/docs/quic.html\">Support for QUIC and HTTP/3</a>.</p>\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], value: "\nWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\n\nNote: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .\n\n\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-14T16:30:26.445Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000138445", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, ], source: { discovery: "INTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-24990", datePublished: "2024-02-14T16:30:26.445Z", dateReserved: "2024-02-02T00:32:55.375Z", dateUpdated: "2024-08-01T23:36:21.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32760
Vulnerability from cvelistv5
Published
2024-05-29 16:02
Modified
2024-08-02 02:20
Severity ?
EPSS score ?
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | F5 | NGINX Open Source |
Version: 1.25.0 ≤ |
||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx_plus", vendor: "f5", versions: [ { lessThanOrEqual: "r31", status: "affected", version: "r30", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "nginx", vendor: "f5", versions: [ { lessThanOrEqual: "1.26.0", status: "affected", version: "1.25.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "39", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "40", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32760", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T18:25:43.593460Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T20:52:45.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:20:35.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000139609", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Open Source", vendor: "F5", versions: [ { lessThan: "1.26.1", status: "affected", version: "1.25.0", versionType: "semver", }, ], }, { defaultStatus: "unknown", modules: [ "HTTP/3", ], product: "NGINX Plus", vendor: "F5", versions: [ { lessThan: "R32", status: "affected", version: "R30", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "F5 acknowledges Nils Bars of CISPA for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2024-05-29T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.", }, ], value: "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:02:04.985Z", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "vendor-advisory", ], url: "https://my.f5.com/manage/s/article/K000139609", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/30/4", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", }, ], source: { discovery: "EXTERNAL", }, title: "NGINX HTTP/3 QUIC vulnerability", x_generator: { engine: "F5 SIRTBot v1.0", }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2024-32760", datePublished: "2024-05-29T16:02:04.985Z", dateReserved: "2024-05-14T16:31:57.498Z", dateUpdated: "2024-08-02T02:20:35.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }