CVE-2024-32760
NGINX HTTP/3 QUIC vulnerabilityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
We have discovered 141,906 live websites that are affected by CVE-2024-32760.
Affected Software
| Product |  Nginx |
| Category | Web Servers |
| Vulnerable Domains | 141,906 live websites (4.57% of Nginx install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 8 versions ( 3.45% of all versions) |
Common Weakness Enumeration
CWE-787 Out-of-bounds WriteDetails
- Published - May 29, 2024
- Updated - Feb 13, 2025
Credits
- F5 acknowledges Nils Bars of CISPA for bringing this issue to our attention and following the highest standards of coordinated disclosure. (reporter)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-32760 United States | 104,311 websites |
 India | 7,276 websites |
 Russia | 3,016 websites |
 Canada | 2,866 websites |
 Germany | 2,806 websites |
 China | 2,156 websites |
 GB | 2,131 websites |
 France | 1,925 websites |
 Australia | 1,223 websites |
 Italy | 1,089 websites |
Website Distribution by TLD
Number of websites using CVE-2024-32760| .com | 91,419 websites |
| .org | 12,245 websites |
| .net | 5,087 websites |
| .ru | 2,820 websites |
| .ca | 2,008 websites |
| .co.uk | 1,544 websites |
| .com.au | 1,378 websites |
| .de | 1,307 websites |
| .it | 1,300 websites |
| .co | 574 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-32760
Top websites that are affected by CVE-2024-32760. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*****.com | United States | *** | |
| ****.*******.org | United States | *,*** | |
| *****.com | United States | *,*** | |
| ******.*****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ***********.com | Italy | *,*** | |
| *********.ch | United States | *,*** | |
| ******.ru | Russia | *,*** | |
| ***********.com | United States | *,*** | |
| ********.de | Germany | *,*** |
FAQ
CVE-2024-32760 is Out-of-bounds Write in Nginx
A total of 141,906 websites have been identified as vulnerable to CVE-2024-32760, based on global website indexing conducted by WebTechSurvey.
The Nginx is affected by the CVE-2024-32760 vulnerability.
Nginx versions up to 1.26.1 are vulnerable to CVE-2024-32760.
CVE-2024-32760 is resolved in version 1.26.1 of Nginx.
References
- https://my.f5.com/manage/s/article/K000139609
- https://lists.fedoraproject.org/archives/list/[email protected]/message/R7RPLWC35WHEUFCGKNFG62ESNID25TEZ/
- http://www.openwall.com/lists/oss-security/2024/05/30/4
- https://lists.fedoraproject.org/archives/list/[email protected]/message/MLAOKJWDALQZBIV3WKGPJ6T5Z56D3PRD/