FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- Multiple Vulnerabilities in HTTP/3

Affected packages
1.25.0	<=	nginx-devel	<	1.27.0
1.26.0	<=	nginx	<	1.26.1

Details

VuXML ID	320a19f7-1ddd-11ef-a2ae-8c164567ca3c
Discovery	2024-05-29
Entry	2024-05-29

The nginx development team reports:

This update fixes the following vulnerabilities:

Stack overflow and use-after-free in HTTP/3

Buffer overwrite in HTTP/3

Memory disclosure in HTTP/3

NULL pointer dereference in HTTP/3

[source]

References

CVE Name	CVE-2024-31079
CVE Name	CVE-2024-32760
CVE Name	CVE-2024-34161
CVE Name	CVE-2024-35200