nikitr

systemd hater @gnulinux · 7d

just what i needed to restore my faith in the security of ancient software. 18 years is basically a blink of an eye in the world of "open source is more secure" i guess https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability

depthfirst.com

NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability | depthfirst

We used the depthfirst system to analyze the NGINX source code, and it autonomously discovered 4 remote memory corruption issues, including a critical heap buffer overflow introduced in 2008. We further investigated the exploitability of the issues, and developed a working proof of concept demons...

0 0 0