VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mjj3-szmk-aaae

Essentials
Severities (98)
References (12)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-mjj3-szmk-aaae
Aliases	CVE-2024-24989
Summary	NULL pointer dereference in HTTP/3
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24989.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00558	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00574	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.00973	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
epss	0.03242	https://api.first.org/data/v1/epss?cve=CVE-2024-24989
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://my.f5.com/manage/s/article/K000138444
ssvc	Track	https://my.f5.com/manage/s/article/K000138444
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-24989
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/05/30/4
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/05/30/4

Reference id	Reference type	URL
		http://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24989.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-24989
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html
		https://my.f5.com/manage/s/article/K000138444
		http://www.openwall.com/lists/oss-security/2024/05/30/4
2264290		https://bugzilla.redhat.com/show_bug.cgi?id=2264290
cpe:2.3:a:f5:nginx_open_source:1.25.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx_open_source:1.25.3:::::::*
cpe:2.3:a:f5:nginx_plus:r31:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx_plus:r31:-::::::
CVE-2024-24989		https://nvd.nist.gov/vuln/detail/CVE-2024-24989
GLSA-202409-32		https://security.gentoo.org/glsa/202409-32

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24989.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://my.f5.com/manage/s/article/K000138444

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:02Z/ Found at https://my.f5.com/manage/s/article/K000138444

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-24989

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/05/30/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:02Z/ Found at http://www.openwall.com/lists/oss-security/2024/05/30/4

Exploit Prediction Scoring System (EPSS)

Percentile	0.09902
EPSS Score	0.00043
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-02-14T17:07:06.850148+00:00	Nginx Importer	Import	https://nginx.org/en/security_advisories.html	34.0.0rc2