CVERadar

CVE-2024-24990

Severity: Medium
Vendor: F5
SVRS: 30/100
CVSSv3: 7.5/10
EPSS: 0.00188/1

CVE-2024-24990 allows attackers to crash NGINX servers using specially crafted HTTP/3 requests. This vulnerability affects NGINX Plus and NGINX OSS when the experimental HTTP/3 QUIC module is enabled, and exploitation leads to termination of worker processes. Although the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of immediate risk; however, because the CVE is tagged as "In The Wild", constant monitoring is still warranted. Exploitation requires the HTTP/3 module to be active, which is not the default configuration. Successful exploitation results in a denial of service, disrupting services that rely on the affected NGINX instances. This is a significant security concern because it affects the availability of web applications. Although the SVRS is low, organizations using the QUIC module in NGINX should investigate and apply the mitigations from the vendor advisory to maintain system stability and prevent service interruptions.

Tags: In The Wild, Vendor-advisory
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Dates: 2024-02-14, 2025-02-13
SOCRadar AI Insight

Description

CVE-2024-24990 is a vulnerability in NGINX Plus or NGINX OSS that can cause NGINX worker processes to terminate when configured to use the HTTP/3 QUIC module. The HTTP/3 QUIC module is not enabled by default and is considered experimental.

Key Insights

  • The SVRS for CVE-2024-24990 is 40, indicating a moderate level of risk.
  • The vulnerability can be exploited by sending undisclosed requests to the affected server.
  • The vulnerability can lead to a denial of service (DoS) attack, which can disrupt the availability of the affected server.

Mitigation Strategies

  • Disable the HTTP/3 QUIC module in NGINX Plus or NGINX OSS.
  • Update to a version of NGINX Plus or NGINX OSS that has the vulnerability fixed.
  • Implement a web application firewall (WAF) to block malicious requests.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • There are no known active exploits for this vulnerability.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-24990 | F5 NGINX Plus/NGINX Open Source QUIC Module use after free (K000138445)
Source: vuldb.com, 2025-01-24
A vulnerability classified as critical has been found in F5 NGINX Plus and NGINX Open Source. This affects an unknown part of the component QUIC Module. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-24990. It is possible to initiate the attack remotely.

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type | Vendor | Product
App | F5 | nginx_plus
App | F5 | nginx_open_source

References

Reference source | Link
[email protected] (source address obfuscated on the page) | https://my.f5.com/manage/s/article/K000138445
[email protected] (source address obfuscated on the page) | http://www.openwall.com/lists/oss-security/2024/05/30/4
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/05/30/4
AF854A3A-2127-422B-91AE-364DA2661108 | https://my.f5.com/manage/s/article/K000138445

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
