概要
| 公開日時 | 2026-05-18 |
| 深刻度 | 緊急 |
| モジュール | kusanagi-nginx131 |
| 対象 | Business Edition, KUSANAGI 9, Page Speed Technology, Security Edition |
脆弱性情報
kusanagi-nginx131の脆弱性情報を公開しました。修正した脆弱性は以下の通りとなります。
- Security: when using the "proxy_set_body" directive, an attacker might inject data in the proxied request to an HTTP/2 backend (CVE-2026-42926). Thanks to Mufeed VH of Winfunc Research.
- Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-42945). Thanks to Leo Lin.
- Security: a heap memory buffer overread might occur in a worker process while handling a specially crafted response by ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an attacker to cause a disclosure of worker process memory or segmentation fault in a worker process (CVE-2026-42946). Thanks to Leo Lin.
- Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker proccess memory or segmentation fault in a worker process (CVE-2026-42934). Thanks to David Carlier.
- Security: when using HTTP/3, processing of connection migration might cause new QUIC streams to receive a new client address before validation, allowing an attacker to cause address spoofing (CVE-2026-40460). Thanks to Rodrigo Laneth.
- Security: use-after-free might occur during DNS server response processing if the "ssl_ocsp" directive was used, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-40701). Thanks to Leo Lin.
CVE詳細
CVSSスコアや脆弱性の報告者等、詳細については、以下の情報を参照してください。
なお、CVEの状況によっては情報がまだ公開されていない場合があります。
