Monitor and prioritize what really matters — the 1% of vulnerabilities that can cause real impact.
This vulnerability is a heap buffer overflow occurring in the ngx_http_rewrite_module of F5 NGINX Plus and NGINX Open Source. It arises when the rewrite directive is followed by another rewrite, if, or set directive using an unnamed PCRE capture group (e.g., $1, $2) combined with a replacement string containing a question mark (?). The flaw is rooted in improper handling of regular expression captures during HTTP request processing within the rewrite module.
This vulnerability is a stack-based buffer overflow caused by improper handling of input data within the Windows Netlogon component. Specifically, the flaw arises from insufficient bounds checking during processing of network authentication requests, allowing data to overwrite adjacent memory on the stack. The affected component is the Netlogon Remote Protocol implementation in Microsoft Windows Server 2012 and later versions.