CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory

Disclosed: 2024-07-12 19:45:41 By noentry To ibb

Medium

Vulnerability Details

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. ## Impact Undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

Actions

View on HackerOne

Report Stats

Report ID: 2599391
State: Closed
Substate: resolved
Upvotes: 14

CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory

Vulnerability Details

Actions

Report Stats

Share this report