heap-overflow

3 posts

A few bytes spill onto the next heap chunk

Technical writeup of CVE-2026-42945, the NGINX rewrite module heap overflow, plus what it means for LLM deployments sitting behind the proxy.

May 18, 2026

Article

NGINX ships emergency patch for HTTP/3 heap overflow

CVE-2026-42945 technical analysis: heap overflow in NGINX HTTP/3 HEADERS frame parsing, worker RCE primitive, telemetry gaps, and patch boundary.

May 18, 2026

Article

Patching nginx doesn't close this one

CVE-2026-42945 NGINX rewrite module heap buffer overflow: bug mechanism, exploit primitives, MITRE mapping, and EDR telemetry blind spots in worker exploitation.

May 18, 2026