2 comments

[ 3.0 ms ] story [ 30.5 ms ] thread
I mentioned this in a previous post for this CVE. How much heavy lifting is the phrase "along with conditions beyond their control" doing for this exploit?

> When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream.

Only 1.31.0 and 1.31.1 are affected.