F5-K000138445
First published: Wed Feb 14 2024(Updated: )
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NGINX | =31=30 | 31 |
| Nginx | >=1.25.0<=1.25.3 | 1.25.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000138445?
The severity of F5-K000138445 is considered critical due to potential service disruption.
How do I fix F5-K000138445?
To fix F5-K000138445, you should upgrade to NGINX Plus version 31 or 30, or NGINX Open Source version 1.25.4.
What systems are affected by F5-K000138445?
F5-K000138445 affects NGINX Plus versions 30 and 31 as well as NGINX Open Source versions 1.25.0 to 1.25.3.
What causes the issue in F5-K000138445?
F5-K000138445 is caused by undisclosed requests that lead to the termination of NGINX worker processes when using the HTTP/3 QUIC module.
Is there a workaround for F5-K000138445?
Currently, there are no recommended workarounds for F5-K000138445, and upgrading is the advised action.
- agent/references
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2024-24990
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/nginx
- version/nginx/31
- version/nginx/30
- version/nginx/1.25.0
- version/nginx/1.25.3