Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-35200HistoryMay 29, 2024 - 4:15 p.m.
CVE-2024-35200
2024-05-2916:15:10
Debian Security Bug Tracker
security-tracker.debian.org
17
nginx
http/3
quic
vulnerability
cve-2024-35200
termination
worker processes
unix
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
15.5%
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nginx | < 1.22.1-9 | nginx_1.22.1-9_all.deb |
| Debian | 11 | all | nginx | < 1.18.0-6.1+deb11u3 | nginx_1.18.0-6.1+deb11u3_all.deb |
| Debian | 999 | all | nginx | < 1.26.0-2 | nginx_1.26.0-2_all.deb |
| Debian | 13 | all | nginx | < 1.26.0-2 | nginx_1.26.0-2_all.deb |
Related
osv
osv
BIT-nginx-2024-35200
2024-06-04 09:49:17
CGA-ccx3-v5fh-7h28
2024-07-15 21:55:49
CGA-vr6r-mpr3-vhxw
2024-06-06 12:29:36
hackerone
hackerone
Internet Bug Bounty: CVE-2024-35200 in nginx
2024-05-30 09:19:50
nginx
nginx
NULL pointer dereference in HTTP/3
2024-05-29 16:15:10
alpinelinux
alpinelinux
CVE-2024-35200
2024-05-29 16:15:10
vulnrichment
vulnrichment
CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability
2024-05-29 16:02:05
cvelist
cvelist
CVE-2024-35200 NGINX HTTP/3 QUIC vulnerability
2024-05-29 16:02:05
nvd
nvd
CVE-2024-35200
2024-05-29 16:15:10
wolfi
wolfi
CVE-2024-35200 vulnerabilities
2024-10-01 21:13:23
ubuntucve
ubuntucve
CVE-2024-35200
2024-05-29 00:00:00
f5
f5
K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200
2024-05-29 00:00:00
K000139628: Out-of-band Security Notification (May 29, 2024)
2024-05-29 00:00:00
cve
cve
CVE-2024-35200
2024-05-29 16:15:10
redhatcve
redhatcve
CVE-2024-35200
2024-05-30 08:33:56
redos
redos
ROS-20240725-01
2024-07-25 00:00:00
nessus
nessus
Fedora 40 : nginx (2024-06e6dcbb42)
2024-06-08 00:00:00
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)
2024-05-30 00:00:00
Fedora 39 : nginx (2024-2e4858330c)
2024-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: nginx-1.26.1-1.fc40
2024-06-08 05:23:22
[SECURITY] Fedora 39 Update: nginx-1.26.1-1.fc39
2024-06-08 19:35:25
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-06e6dcbb42)
2024-06-09 00:00:00
Fedora: Security Advisory (FEDORA-2024-2e4858330c)
2024-06-09 00:00:00
Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities
2024-05-31 00:00:00
freebsd
freebsd
nginx -- Multiple Vulnerabilities in HTTP/3
2024-05-29 00:00:00
ibm
ibm
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0638
2024-06-24 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0302
2024-06-24 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.9
Confidence
Low
EPSS
0
Percentile
15.5%
Related for DEBIANCVE:CVE-2024-35200