个人数字泔水\(⁠◔⁠‿⁠◔⁠)✨ Thinking...https://okhk.pages.devhttps://okhk.pages.dev/posts/9828https://okhk.pages.dev/posts/9828Thu, 14 May 2026 03:18:30 GMT<i><b>🔴</b></i> <mark>NGINX</mark> http_rewrite 模块漏洞；或会导致堆溢出甚至远程代码执行。<br /><br />- 漏洞的起因是 <mark>nginx</mark> 尝试将 escape 过的 URL 写入未 escape 长度的内存。<br />- 在 ASLR 未被开启的情况下，可以导致远程代码执行。<br />- 修复已于 1.30.1/1.31.0 发布。<br /><br />1. <a href="https://depthfirst.com/nginx-rift" target="_blank">https://depthfirst.com/nginx-rift</a><br />2. <a href="https://my.f5.com/manage/s/article/K000161019" target="_blank">my.f5.com/~</a><br /><br />CVE: CVE-2026-42945<br />CVSS: 9.2 (F5 Networks)<br />Affect: [0.6.27, 1.30.0]<br />Fixed-At: 1.30.1, 1.31.0<br /><br /><a href="/search/result?q=%23nginx">#nginx</a><a href="https://depthfirst.com/nginx-rift" target="_blank"> <div>Depthfirst</div> <img class="link_preview_image" alt="NGINX Rift" src="/static/https://cdn4.telesco.pe/file/ZFlK8JJclD5YLjGhWdrrj2c1hz6yWIap0pKMONzbmudy2g2YLGxraQZAmSEe-a-DeC_N_w43f16zpOX0fifZU015jthtcWYTXDAUFvtsNemq7-s-51gzVY6g5JQEj_pg5m45qQIKMofqOMO-HlC82YNLjWlJcWQfb4wz9L6mmuHOmyXpf9Rqdj2HJ36fx5pBdno2bGyjsCpi7d9Z_hZi_VCs7VJbkeHq7yRAvDX6l9GdXO07qM50pVd6sKA_VVD4HKdGZK-SenP5OlGDtbJ9hJaG54jpM4f3nB04vrb9GJaH8kC1_64SGrF5iEN7lEfaUKQB-lLjHOliijR8natm8A.jpg" width="1200" height="630" loading="eager" /> <div><mark>NGINX</mark> Rift</div> <div>An 18 year old memory corruption flaw in <mark>NGINX</mark> Plus and <mark>NGINX</mark> Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.</div> </a>