CVE-2024-24990

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-416
View all →

Vulnerability Description

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Related Vulnerabilities

CVE-2006-4434

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced....

CWE-4162006

CVE-2006-4997

HIGH
CVSS:7.5(High)

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access th...

CWE-4162006

CVE-2009-3553

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote att...

CWE-4162009

CVE-2010-0302

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll...

CWE-4162010

CVE-2010-4168

HIGH
CVSS:7.5(High)

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmis...

CWE-4162010

CVE-2015-3890

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in Open Litespeed before 1.3.10.

CWE-4162015