CLSA-2026-1779712300

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779712300

Upstream

CVE-2026-9256

Published

2026-05-25T12:31:45Z

Modified

2026-06-04T09:47:21.945655167Z

Summary

Fix CVE(s): CVE-2026-9256

Details

SECURITY UPDATE: heap buffer overflow in ngxhttprewritemodule with overlapping captures
- debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngxhttpscriptregexstartcode() when a rewrite replacement string with no variables has overlapping captures, by moving the per-capture length accumulation and ngxescapeuri() call inside a single loop over the actual captures buffer.
- CVE-2026-9256

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1779712300.html

Affected packages

TuxCare:Ubuntu:20.04

libnginx-mod-http-auth-pam

Package

Name: libnginx-mod-http-auth-pam
Purl: pkg:deb/tuxcare/libnginx-mod-http-auth-pam?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-cache-purge

Package

Name: libnginx-mod-http-cache-purge
Purl: pkg:deb/tuxcare/libnginx-mod-http-cache-purge?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-dav-ext

Package

Name: libnginx-mod-http-dav-ext
Purl: pkg:deb/tuxcare/libnginx-mod-http-dav-ext?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-echo

Package

Name: libnginx-mod-http-echo
Purl: pkg:deb/tuxcare/libnginx-mod-http-echo?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-fancyindex

Package

Name: libnginx-mod-http-fancyindex
Purl: pkg:deb/tuxcare/libnginx-mod-http-fancyindex?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-geoip

Package

Name: libnginx-mod-http-geoip
Purl: pkg:deb/tuxcare/libnginx-mod-http-geoip?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-geoip2

Package

Name: libnginx-mod-http-geoip2
Purl: pkg:deb/tuxcare/libnginx-mod-http-geoip2?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-headers-more-filter

Package

Name: libnginx-mod-http-headers-more-filter
Purl: pkg:deb/tuxcare/libnginx-mod-http-headers-more-filter?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-image-filter

Package

Name: libnginx-mod-http-image-filter
Purl: pkg:deb/tuxcare/libnginx-mod-http-image-filter?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-lua

Package

Name: libnginx-mod-http-lua
Purl: pkg:deb/tuxcare/libnginx-mod-http-lua?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-ndk

Package

Name: libnginx-mod-http-ndk
Purl: pkg:deb/tuxcare/libnginx-mod-http-ndk?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-perl

Package

Name: libnginx-mod-http-perl
Purl: pkg:deb/tuxcare/libnginx-mod-http-perl?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-subs-filter

Package

Name: libnginx-mod-http-subs-filter
Purl: pkg:deb/tuxcare/libnginx-mod-http-subs-filter?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-uploadprogress

Package

Name: libnginx-mod-http-uploadprogress
Purl: pkg:deb/tuxcare/libnginx-mod-http-uploadprogress?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-upstream-fair

Package

Name: libnginx-mod-http-upstream-fair
Purl: pkg:deb/tuxcare/libnginx-mod-http-upstream-fair?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-http-xslt-filter

Package

Name: libnginx-mod-http-xslt-filter
Purl: pkg:deb/tuxcare/libnginx-mod-http-xslt-filter?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-mail

Package

Name: libnginx-mod-mail
Purl: pkg:deb/tuxcare/libnginx-mod-mail?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-nchan

Package

Name: libnginx-mod-nchan
Purl: pkg:deb/tuxcare/libnginx-mod-nchan?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-rtmp

Package

Name: libnginx-mod-rtmp
Purl: pkg:deb/tuxcare/libnginx-mod-rtmp?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

libnginx-mod-stream

Package

Name: libnginx-mod-stream
Purl: pkg:deb/tuxcare/libnginx-mod-stream?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx

Package

Name: nginx
Purl: pkg:deb/tuxcare/nginx?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-common

Package

Name: nginx-common
Purl: pkg:deb/tuxcare/nginx-common?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-core

Package

Name: nginx-core
Purl: pkg:deb/tuxcare/nginx-core?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-doc

Package

Name: nginx-doc
Purl: pkg:deb/tuxcare/nginx-doc?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-extras

Package

Name: nginx-extras
Purl: pkg:deb/tuxcare/nginx-extras?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-full

Package

Name: nginx-full
Purl: pkg:deb/tuxcare/nginx-full?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"

nginx-light

Package

Name: nginx-light
Purl: pkg:deb/tuxcare/nginx-light?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.0-0ubuntu1.7+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779712300.json"