PT-2024-1647 · Nginx+1 · Nginx Plus+3

Published: 2024-02-14 · Updated: 2025-11-11 · CVE-2024-24989

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The affected software is NGINX, specifically the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. When NGINX Plus or NGINX OSS is configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate because of a NULL pointer dereference, potentially leading to a denial of service. An exploit can trigger this issue by sending specially crafted requests to the server. The vulnerable versions are not explicitly stated; software versions that have reached End of Technical Support (EoTS) are not evaluated. For more information, refer to the official NGINX documentation on QUIC and HTTP/3 support: https://nginx.org/en/docs/quic.html.
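
Because the issue only applies when the HTTP/3 QUIC module is in use, a first triage step is to find which configurations enable a QUIC listener. The following is an added example, not part of the advisory or of NGINX: it scans configuration text for `listen` directives carrying the `quic` parameter. The sample configuration and the function names are constructed for illustration.

```python
# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = """\
http {
    server {
        listen 443 ssl;
        listen 443 quic reuseport;   # HTTP/3 over QUIC
        # listen 8443 quic;          (commented out, must be ignored)
        server_name example.test;
    }
    server {
        listen 80;
        listen [::]:8443 quic; listen [::]:8443 ssl;
    }
}
"""


def strip_comment(line):
    """Drop a trailing '#' comment (a '#' inside quotes is not handled)."""
    return line.split("#", 1)[0]


def find_quic_listeners(conf_text):
    """Return (line_number, address) for each 'listen' directive with 'quic'.

    Assumes each directive sits on one line; directives split across
    several lines are not recognised by this simplified scanner.
    """
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # One line may hold several directives separated by ';'.
        for directive in strip_comment(raw).split(";"):
            tokens = directive.split()
            # tokens[1] is the address/port; later tokens are parameters.
            if len(tokens) >= 3 and tokens[0] == "listen" and "quic" in tokens[2:]:
                hits.append((lineno, tokens[1]))
    return hits


if __name__ == "__main__":
    for lineno, addr in find_quic_listeners(SAMPLE_CONF):
        print(f"line {lineno}: QUIC listener on {addr}")
```

Running it over the full configuration printed by `nginx -T` covers included files as well; any hit marks a server to check against the vendor's fixed releases.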

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2024-01321
BIT-NGINX-2024-24989
BIT-NGINX-GATEWAY-2024-24989
CVE-2024-24989
OPENSUSE-SU-2024:13701-1

Affected Products

Nginx Oss
Nginx Plus
Nginx
Red Os