What is the severity of CVE-2024-35200?

CVE-2024-35200 is considered a critical vulnerability as it can cause NGINX worker processes to terminate when handling specific HTTP/3 requests.

How do I fix CVE-2024-35200?

To mitigate CVE-2024-35200, it is recommended to upgrade NGINX Plus to a version higher than r31-p1 and NGINX OSS to a version above 1.26.1.

What versions of NGINX are affected by CVE-2024-35200?

CVE-2024-35200 affects NGINX Plus r30, r30-p1, r30-p2, and r31, as well as NGINX OSS versions from 1.25.0 up to 1.26.1.

What configurations are impacted by CVE-2024-35200?

CVE-2024-35200 specifically impacts configurations using the HTTP/3 QUIC module in NGINX.

Can CVE-2024-35200 lead to service disruption?

Yes, CVE-2024-35200 can cause unexpected termination of NGINX worker processes, leading to possible service disruption.

Vulnerability/
CVE-2024-35200

medium

5.3

CWE

476

29/5/2024

24/1/2025

CVE-2024-35200: NGINX HTTP/3 QUIC vulnerability

First published: Wed May 29 2024(Updated: )

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
NGINX Plus
NGINX Open Source
Nginx	>=1.25.0<1.26.1
Nginx	=r30
Nginx	=r30-p1
Nginx	=r30-p2
Nginx	=r31
Nginx	=r31-p1
Fedora	=39
Fedora	=40

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-35200?
CVE-2024-35200 is considered a critical vulnerability as it can cause NGINX worker processes to terminate when handling specific HTTP/3 requests.
How do I fix CVE-2024-35200?
To mitigate CVE-2024-35200, it is recommended to upgrade NGINX Plus to a version higher than r31-p1 and NGINX OSS to a version above 1.26.1.
What versions of NGINX are affected by CVE-2024-35200?
CVE-2024-35200 affects NGINX Plus r30, r30-p1, r30-p2, and r31, as well as NGINX OSS versions from 1.25.0 up to 1.26.1.
What configurations are impacted by CVE-2024-35200?
CVE-2024-35200 specifically impacts configurations using the HTTP/3 QUIC module in NGINX.
Can CVE-2024-35200 lead to service disruption?
Yes, CVE-2024-35200 can cause unexpected termination of NGINX worker processes, leading to possible service disruption.

agent/title
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/severity
agent/author
agent/event
agent/references
collector/mitre-cve
source/MITRE
agent/source
agent/trending
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
vendor/nginx
canonical/nginx plus
canonical/nginx open source
vendor/f5
canonical/nginx
version/nginx/1.25.0
version/nginx/r30
version/nginx/r30-p1
version/nginx/r30-p2
version/nginx/r31
version/nginx/r31-p1
vendor/fedoraproject
canonical/fedora
version/fedora/39
version/fedora/40

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.