NGINX Open Source has a vulnerability in the ngxhttpv3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2.17.0"
},
{
"last_affected": "2.22.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "f5:nginx_instance_manager",
"cpes": [
"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
}
],
"source": "CPE_STRING",
"vendor_product": "f5:nginx_ingress_controller",
"cpes": [
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.5.0"
},
{
"last_affected": "3.7.2"
},
{
"introduced": "5.0.0"
},
{
"fixed": "5.5.1"
},
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "4.0.1"
},
{
"last_affected": "4.0.1"
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.3.0"
},
{
"last_affected": "1.6.2"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.6.4"
}
]
}