The page reports a critical NGINX heap buffer overflow vulnerability (CVE-2024-24989) affecting both NGINX Plus and NGINX Open Source, which can cause crashes and potentially allow system takeover. The flaw stems from errors in the web server's regex rewrite handling, which let unauthorized remote attackers trigger memory management issues. Systems running specific versions of NGINX Plus and NGINX Open Source, as well as the NGINX Ingress Controller, are particularly at risk.
Remediation steps include upgrading to the latest software versions to mitigate the threat. Temporary workarounds are also suggested, but upgrading is recommended for long-term security.