Sergey Kandaurov
pluknet at nginx.com
Wed Feb 14 17:00:05 UTC 2024
More information about the nginx-announce mailing list
Wed Feb 14 17:00:05 UTC 2024
- Previous message (by thread): [nginx-announce] nginx-1.25.4
- Next message (by thread): [nginx-announce] nginx-1.25.5
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Two security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process crash (CVE-2024-24989, CVE-2024-24990) or might have potential other impact (CVE-2024-24990). The issues affect nginx compiled with the ngx_http_v3_module (not compiled by default) if the "quic" option of the "listen" directive is used in a configuration file. The issue affects nginx 1.25.0 - 1.25.3. The issue is fixed in nginx 1.25.4. -- Sergey Kandaurov
- Previous message (by thread): [nginx-announce] nginx-1.25.4
- Next message (by thread): [nginx-announce] nginx-1.25.5
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the nginx-announce mailing list