CVE-2024-31079

NGINX HTTP/3 QUIC vulnerability

Severity Score

4.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.

Cuando NGINX Plus o NGINX OSS están configurados para usar el módulo HTTP/3 QUIC, las solicitudes HTTP/3 no divulgadas pueden hacer que los procesos de trabajo de NGINX finalicen o causen otros impactos potenciales. Este ataque requiere que una solicitud se programe específicamente durante el proceso de drenaje de la conexión, sobre el cual el atacante no tiene visibilidad y tiene influencia limitada.

*Credits: F5 acknowledges Nils Bars of CISPA for bringing this issue to our attention and following the highest standards of coordinated disclosure.

CVSS Scores

F5 Networksv3.1 4.8

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-14 CVE Reserved
2024-05-29 CVE Published
2024-06-11 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (4)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2024/05/30/4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://my.f5.com/manage/s/article/K000139611	2024-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
F5 Search vendor "F5"		NGINX Open Source Search vendor "F5" for product "NGINX Open Source"				>= 1.25.0 < 1.26.1 Search vendor "F5" for product "NGINX Open Source" and version " >= 1.25.0 < 1.26.1"		en		Affected