"NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability":

bontchev@infosec.exchange

"NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability":

NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability | depthfirst

We used the depthfirst system to analyze the NGINX source code, and it autonomously discovered 4 remote memory corruption issues, including a critical heap buffer overflow introduced in 2008. We further investigated the exploitability of the issues, and developed a working proof of concept demonstrating RCE with ASLR off. If you use rewrite and set directives in your NGINX configuration, you're at risk.

(depthfirst.com)