CVE-2024-32760 in nginx

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760 Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the configuration contains a listen directive with the quic option enabled. The HTTP/3 QUIC module is considered an experimental feature and is not compiled by default in NGINX OSS, but it is compiled by default in NGINX Plus. For more information, refer to Support for QUIC and HTTP/3. Additionally, because users control their own custom build environments, certain security measures may not be implemented in the users' build configurations. These security measures may include memory-related build and system configuration options. Consequently, the severity of the impact depends on whether users build the software with or without security options or utilize pre-built binaries, which include security protections by default. Impact Client traffic may be disrupted while the worker process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) or other potential impact. There is no control plane exposure; this is a data plane issue only. Security Advisory Status F5 Product Development has assigned ID NFOSS-826 (NGINX Plus and NGINX OSS) to this vulnerability. This issue has been classified as CWE-787: Out-of-bounds Write. Full Security Advisory: https://my.f5.com/manage/s/article/K000139609