Security vulnerabilities and automated fixes for nginx issues
2 posts found
A critical heap buffer overflow vulnerability was discovered and patched in a Dubbo protocol module, where six unchecked `ngx_memcpy` calls could allow attackers to corrupt heap memory by sending crafted oversized string fields. This type of vulnerability — classified as CWE-120, a "Classic Buffer Copy Without Checking Size of Input" — is one of the oldest and most dangerous bug classes in C/C++ programming. Understanding how it works and how to prevent it is essential knowledge for any develope
A high-severity command injection vulnerability (CWE-78) was discovered and patched in an nginx harness maintenance script that used `subprocess.check_output()` without proper input sanitization. Because maintenance scripts like this frequently run with elevated privileges, an attacker who could influence the input arguments could execute arbitrary system commands as root. This post breaks down how the vulnerability works, how it was fixed, and what you can do to prevent similar issues in your o