When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared F5 nginx
CPEs cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*
Vendors & Products F5 nginx
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 nginx Open Source
F5 nginx Plus
Fedoraproject
Fedoraproject fedora
CPEs cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Vendors & Products F5
F5 nginx Open Source
F5 nginx Plus
Fedoraproject
Fedoraproject fedora

cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-02-13T17:52:28.046Z

Reserved: 2024-05-14T16:31:57.509Z

Link: CVE-2024-34161

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:10.486Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-29T16:15:10.270

Modified: 2025-01-24T16:20:57.617

Link: CVE-2024-34161

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-29T00:00:00Z

Links: CVE-2024-34161 - Bugzilla

cve-icon OpenCVE Enrichment

No data.