When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or causeĀ other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 24 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 nginx Open Source
F5 nginx Plus
Fedoraproject
Fedoraproject fedora
Weaknesses CWE-787
CPEs cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products F5
F5 nginx Open Source
F5 nginx Plus
Fedoraproject
Fedoraproject fedora

cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-02-13T17:47:50.656Z

Reserved: 2024-05-14T16:31:57.492Z

Link: CVE-2024-31079

cve-icon Vulnrichment

Updated: 2024-08-02T01:46:04.427Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-29T16:15:09.800

Modified: 2025-01-24T16:01:04.653

Link: CVE-2024-31079

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-29T00:00:00Z

Links: CVE-2024-31079 - Bugzilla

cve-icon OpenCVE Enrichment

No data.