Reported NGINX “poolslip” flaw raises concern for web infrastructure.
Cyber Security News reported a newly disclosed nginx-poolslip issue affecting NGINX rewrite-module behavior and memory-pool handling. The report says crafted HTTP requests can trigger a heap buffer overflow in NGINX worker processes under specific rewrite-rule conditions, causing at least denial of service and potentially code execution where ASLR is disabled or bypassed. The same report says NGINX Open Source versions from 0.1.17 through 1.30.1 and 1.31.0 are affected, with fixes listed as 1.30.2 and 1.31.1. Because NGINX is widely used in reverse proxies, API gateways and Kubernetes ingress deployments, the issue is being treated as high-impact by security media. I would treat this one as “watch closely and verify against official F5/NGINX advisories,” because the available public reporting is still more limited than for Drupal or Microsoft’s F5/Confluence case.
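For triage while the official advisory is being confirmed, a host inventory can be sorted by the version bounds quoted above. The following is an added example, not code from the report or from NGINX: it parses `nginx -v` banners, applies the reported affected and fixed versions, and uses the presence of a `rewrite` directive only as a coarse prioritization signal, since the report does not spell out the exact rule conditions. Host names, banners and config snippets are constructed, and the function and label names are hypothetical.

```python
import re

# Version bounds as quoted from the report above; verify against the F5/NGINX advisory.
FIRST_AFFECTED = (0, 1, 17)
FIXED_BY_BRANCH = {(1, 30): (1, 30, 2), (1, 31): (1, 31, 1)}

BANNER_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")
# A `rewrite` directive at the start of a line or directly after ';', '{' or '}'.
REWRITE_RE = re.compile(r"(?:^|[;{}])\s*rewrite\s+\S", re.MULTILINE)


def parse_version(banner):
    """Return (major, minor, patch) from `nginx -v` output, or None if absent."""
    m = BANNER_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def in_reported_range(version):
    """True if the version falls inside the affected range given in the report."""
    if version < FIRST_AFFECTED:
        return False
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is not None:
        return version < fixed       # 1.30.x and 1.31.x: compare to that branch's fix
    return version < (1, 30, 0)      # older branches are in range, newer ones are not


def uses_rewrite(config_text):
    """Coarse signal only: a non-commented `rewrite` directive is present."""
    return bool(REWRITE_RE.search(re.sub(r"#.*", "", config_text)))


def triage(banner, config_text):
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if not in_reported_range(version):
        return "outside-reported-range"
    return "patch-first" if uses_rewrite(config_text) else "patch"


if __name__ == "__main__":
    # Constructed inventory: host -> (output of `nginx -v 2>&1`, config text)
    inventory = {
        "edge-1": ("nginx version: nginx/1.30.1 (Ubuntu)", "location / { rewrite ^/a/(.*)$ /b/$1 last; }"),
        "edge-2": ("nginx version: nginx/1.30.2", "location / { rewrite ^/a /b last; }"),
        "api-1": ("nginx version: nginx/1.31.0", "# rewrite ^/old /new;\nserver { listen 80; }"),
    }
    for host, (banner, conf) in inventory.items():
        print(host, triage(banner, conf))
```

Hosts labelled `patch` are still inside the reported range; the label only orders the upgrade queue.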