{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-34161", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-05-14T16:31:57.509Z", "datePublished": "2024-05-29T16:02:05.696Z", "dateUpdated": "2024-08-02T02:51:10.486Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["HTTP/3"], "product": "NGINX Open Source", "vendor": "F5", "versions": [{"lessThan": "1.26.1", "status": "affected", "version": "1.25.0", "versionType": "semver"}]}, {"defaultStatus": "unknown", "modules": ["HTTP/3"], "product": "NGINX Plus", "vendor": "F5", "versions": [{"lessThan": "R32", "status": "affected", "version": "R30", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2024-05-29T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory."}], "value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-05-29T16:02:05.696Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000139627"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/"}], "source": {"discovery": "INTERNAL"}, "title": "NGINX HTTP/3 QUIC vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T18:37:24.017204Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*"], "vendor": "f5", "product": "nginx_plus", "versions": [{"status": "affected", "version": "r30", "versionType": "custom", "lessThanOrEqual": "r31"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*"], "vendor": "f5", "product": "nginx", "versions": [{"status": "affected", "version": "1.25.0", "versionType": "custom", "lessThanOrEqual": "1.26.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:56.027Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.486Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K000139627"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K000139627", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.486Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T18:37:24.017204Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*"], "vendor": "f5", "product": "nginx_plus", "versions": [{"status": "affected", "version": "r30", "versionType": "custom", "lessThanOrEqual": "r31"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:f5:nginx:1.25.0:*:*:*:*:*:*:*"], "vendor": "f5", "product": "nginx", "versions": [{"status": "affected", "version": "1.25.0", "versionType": "custom", "lessThanOrEqual": "1.26.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T18:36:51.226Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "NGINX HTTP/3 QUIC vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["HTTP/3"], "product": "NGINX Open Source", "versions": [{"status": "affected", "version": "1.25.0", "lessThan": "1.26.1", "versionType": "semver"}], "defaultStatus": "unknown"}, {"vendor": "F5", "modules": ["HTTP/3"], "product": "NGINX Plus", "versions": [{"status": "affected", "version": "R30", "lessThan": "R32", "versionType": "custom"}], "defaultStatus": "unknown"}], "datePublic": "2024-05-29T14:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000139627", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/"}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.", "supportingMedia": [{"type": "text/html", "value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-05-29T16:02:05.696Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34161", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:10.486Z", "dateReserved": "2024-05-14T16:31:57.509Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2024-05-29T16:02:05.696Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory."}, {"lang": "es", "value": "Cuando NGINX Plus o NGINX OSS est\u00e1n configurados para usar el m\u00f3dulo HTTP/3 QUIC y la infraestructura de red admite una unidad de transmisi\u00f3n m\u00e1xima (MTU) de 4096 o m\u00e1s sin fragmentaci\u00f3n, los paquetes QUIC no revelados pueden hacer que los procesos de trabajo de NGINX pierdan memoria previamente liberada."}], "id": "CVE-2024-34161", "lastModified": "2024-06-10T18:15:34.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2024-05-29T16:15:10.270", "references": [{"source": "f5sirt@f5.com", "url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"}, {"source": "f5sirt@f5.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/"}, {"source": "f5sirt@f5.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/"}, {"source": "f5sirt@f5.com", "url": "https://my.f5.com/manage/s/article/K000139627"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "f5sirt@f5.com", "type": "Secondary"}]}

{"bugzilla": {"description": "nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory", "id": "2283926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283926"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-416", "details": ["When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.", "A flaw was found in the nginx HTTP/3 implementation. If the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can trigger a use-after-free condition, causing worker processes to leak previously freed memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-34161", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "nginx", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nginx:1.22/nginx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nginx:1.22/nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nginx118-nginx", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nginx120-nginx", "product_name": "Red Hat Software Collections"}], "public_date": "2024-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34161\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34161\nhttps://my.f5.com/manage/s/article/K000139627"], "statement": "This flaw allows an attacker to cause a memory leak. However, the leaked memory is random, can't be controlled by the attacker, and does not include nginx configuration or private keys. For these reasons, this flaw has been rated with a Moderate severity.\nThe nginx package as shipped in Red Hat Enterprise Linux 8, 9 and RHSCL is not affected by this vulnerability because the support for HTTP/3 is not enabled and the vulnerable code was introduced in a later version of nginx.", "threat_severity": "Moderate", "upstream_fix": "nginx 1.26.1, nginx 1.27.0"}