vulnerability
FreeBSD: VID-c97a4ecf-cc25-11ee-b0ee-0050569f0b83 (CVE-2024-24990): nginx-devel -- Multiple Vulnerabilities in HTTP/3
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Feb 15, 2024 | Feb 15, 2024 | Jun 15, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 15, 2024
Added
Feb 15, 2024
Modified
Jun 15, 2026
Description
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Solution
freebsd-upgrade-package-nginx-devel
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.