CVE status
Thomas Ward
teward at thomas-ward.net
Fri May 15 00:38:09 UTC 2026
FYI Maxim the fix for the buffer overrun in rewrite is a one line patch.
Sent from my Galaxy
-------- Original message --------
From: Maxim Dounin <mdounin at mdounin.ru>
Date: 5/14/26 20:09 (GMT-05:00)
To: nginx at freenginx.org
Subject: Re: CVE status
Hello!
On Thu, May 14, 2026 at 02:15:35PM -0700, bayberry.uninspired694 at aceecat.org wrote:
> Hi,
>
> does CVE-2026-42945 apply to freenginx? And if yes, will there be a point
> release to fix it?
>
> Here's the reference:
>
> https://nvd.nist.gov/vuln/detail/CVE-2026-42945
It does apply.
Note though that triggering this bug requires rather specific
configuration (a matched "rewrite" which changes request arguments
but continues rewrite processing, that is, without "break" or any
other flags, followed by a "set" or "if" which uses positional
captures or another matched rewrite which uses positional captures and
additional variables or duplicate positional captures), and
therefore most configurations won't be affected at all. As a
reference point, none of the examples provided in the rewrite
documentation are affected.
I'm currently looking into this, as well as other issues published
by F5, and will provide appropriate patches shortly. Once patches
are ready, there will be a release.
--
Maxim Dounin
http://mdounin.ru/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freenginx.org/pipermail/nginx/attachments/20260515/ef1688ac/attachment.htm>
More information about the nginx
mailing list