CVE-2024-34161

Summary

CVE-2024-34161 is a newly disclosed vulnerability affecting NGINX Plus and Open Source (NGINX OSS) when using the HTTP/3 QUIC module. If the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 bytes or greater without fragmentation, undisclosed QUIC packets can trigger NGINX worker processes to leak previously freed memory, potentially leading to denial-of-service (DoS) conditions or other unintended consequences. This issue is significant as HTTP/3 adoption continues to grow, making it essential for organizations using NGINX web servers to update and patch their systems to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.