CVE status
Thomas Ward
teward at thomas-ward.net
Fri May 15 03:46:16 UTC 2026
Yeah, I believe those are other bugs and Security fixes patched in NGINX
OSS 1.31.0 and 1.30.1. Just thought I'd make a note. (the one-line for
the rewrite buffer overrun is, however, a fix for the specific CVE
referenced in this thread. Other CVEs were also patched independently as
other commits.)
On 2026-05-14 23:44, Maxim Dounin wrote:
> Hello!
>
> On Fri, May 15, 2026 at 12:38:09AM +0000, Thomas Ward via nginx wrote:
>
>> FYI Maxim the fix for the buffer overrun in rewrite is a one line patch.
> Sure, except it might not be the best solution. Based on my
> analysis I tend to prefer at least three lines.
>
> Also, I see at least one additional case of obviously incorrect
> escaping applied by the related rewrite code, though without a
> buffer overrun.
>
>>
>>
>> Sent from my Galaxy
>>
>>
>>
>> -------- Original message --------
>> From: Maxim Dounin<mdounin at mdounin.ru>
>> Date: 5/14/26 20:09 (GMT-05:00)
>> To:nginx at freenginx.org
>> Subject: Re: CVE status
>>
>> Hello!
>>
>> On Thu, May 14, 2026 at 02:15:35PM -0700,bayberry.uninspired694 at aceecat.org wrote:
>>
>>> Hi,
>>>
>>> does CVE-2026-42945 apply to freenginx? And if yes, will there be a point
>>> release to fix it?
>>>
>>> Here's the reference:
>>>
>>> https://nvd.nist.gov/vuln/detail/CVE-2026-42945
>> It does apply.
>>
>> Note though that triggering this bug requires rather specific
>> configuration (a matched "rewrite" which changes request arguments
>> but continues rewrite processing, that is, without "break" or any
>> other flags, followed by a "set" or "if" which uses positional
>> captures or another matched rewrite which uses positional captures and
>> additional variables or duplicate positional captures), and
>> therefore most configurations won't be affected at all. As a
>> reference point, none of the examples provided in the rewrite
>> documentation are affected.
>>
>> I'm currently looking into this, as well as other issues published
>> by F5, and will provide appropriate patches shortly. Once patches
>> are ready, there will be a release.
>>
>> --
>> Maxim Dounin
>> http://mdounin.ru/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freenginx.org/pipermail/nginx/attachments/20260514/b91ec28b/attachment-0001.htm>
More information about the nginx
mailing list