CVE-2024-34161 : When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and th

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

Published 2024-05-29 16:15:10

Updated 2025-01-24 16:20:58

Source F5 Networks

View at NVD, CVE.org

Products affected by CVE-2024-34161

F5 » Nginx Plus » Version: R30
cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
Matching versions
F5 » Nginx Plus » Version: R30 Update P1
cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
Matching versions
F5 » Nginx Plus » Version: R30 Update P2
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
Matching versions
F5 » Nginx Plus » Version: R31
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
Matching versions
F5 » Nginx Plus » Version: R31 Update P1
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*
Matching versions
F5 » Nginx Open Source
Versions from including (>=) 1.25.0 and before (<) 1.26.1
cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 40
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-34161

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-34161

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	F5 Networks	2024-05-29
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST	2025-01-24
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2024-34161

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by:
- f5sirt@f5.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2024-34161

http://www.openwall.com/lists/oss-security/2024/05/30/4

oss-security - nginx HTTP/3 security issues/fixes
Mailing List

CVEs referencing this url
https://my.f5.com/manage/s/article/K000139627

NGINX HTTP/3 QUIC vulnerability CVE-2024-34161
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/

[SECURITY] Fedora 40 Update: nginx-1.26.1-1.fc40 - package-announce - Fedora Mailing-Lists
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/

[SECURITY] Fedora 39 Update: nginx-1.26.1-1.fc39 - package-announce - Fedora Mailing-Lists
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-34161

Products affected by CVE-2024-34161

Exploit prediction scoring system (EPSS) score for CVE-2024-34161

CVSS scores for CVE-2024-34161

CWE ids for CVE-2024-34161

References for CVE-2024-34161