Internet Bug Bounty: CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory
Discription

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. Impact Undisclosed QUIC packets can cause NGINX worker processes to leak previously freed…Read More

Back to Main

Subscribe for the latest news: