Public bug reported:

After unattended-upgrades pulled nginx 1.24.0-2ubuntu7.10 from noble-security
on 2026-06-09 06:25 UTC, workers segfault (signal 11) whenever an HTTPS
request has a literal '[' in the query string. The uploadprogress module .so is
the Apr 2024 binary, never rebuilt — same ABI break pattern as bug #2155992
(headers-more).

This hits real apps hard, not just synthetic curl tests. The qs library
(https://www.npmjs.com/package/qs) serializes nested object filters as
bracketed query strings like:

  ?filters[$and][0][folderPath][$eq]=/

qs is used by Axios, Strapi v5, Express, and most Node.js stacks. Any
frontend calling a Strapi v5 admin/API endpoint behind nginx with this
module loaded will crash workers on nearly every request.

Module loads from /etc/nginx/modules-enabled/50-mod-http-uploadprogress.conf
but no upload_progress / track_uploads directive is needed — just having
the .so loaded is enough. So any vhost on this box is vulnerable, even
ones that don't use upload tracking at all.

Affected:
  nginx                                 1.24.0-2ubuntu7.10
  libnginx-mod-http-uploadprogress      1:0.9.2-5build1
  .so mtime                             2024-04-17

Reproducer:
  curl -k --http2 'https://host/foo?a=b[0]'                          # crashes
  curl -k --http2 'https://host/foo?filters[$and][0][k][$eq]=v'      # crashes (qs format)
  curl -k --http2 'https://host/foo?a=b%5B0%5D'                      # ok (encoded)

  /var/log/nginx/error.log:
    worker process NNNN exited on signal 11

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: libnginx-mod-http-uploadprogress 1:0.9.2-5build1
ProcVersionSignature: User Name 6.17.0-1013.13~24.04.1-aws 6.17.13
Uname: Linux 6.17.0-1013-aws x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: ap-southeast-1
CloudSerial: 20250610
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Tue Jun  9 10:05:24 2026
Ec2Architecture: x86_64
Ec2Imageid: ami-0fb431db64ad49dde
Ec2Instancetype: t3.medium
Ec2Region: ap-southeast-1
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: libnginx-mod-http-uploadprogress
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.cron.daily.apport: [deleted]
modified.conffile..etc.default.apport:
 # set this to 0 to disable apport, or to 1 to enable it
 # you can temporarily override this with
 # sudo service apport start force_start=1
 enabled=0
mtime.conffile..etc.default.apport: 2025-06-18T06:08:09.319017

** Affects: libnginx-mod-http-uploadprogress (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug cloud-image noble

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2156029

Title:
  nginx 1.24.0-2ubuntu7.10 ABI break: libnginx-mod-http-uploadprogress
  0.9.2-5build1 crashes workers (SIGSEGV)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnginx-mod-http-uploadprogress/+bug/2156029/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
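A triage sketch for the condition reported above, added here as an example and not part of the original report or of any Ubuntu or nginx tooling. It checks whether the loader snippet named in the report is enabled, counts logged requests with a literal '[' in the query string, and counts signal 11 worker exits. Assumptions: the access log uses nginx's combined format, it was recorded before the upgrade or at an upstream proxy (a request that kills the worker may never be logged), and all log lines and function names below are constructed.

```bash
#!/usr/bin/env bash
# Added triage sketch. Log lines below are constructed samples, not from the report.

# Succeeds if the uploadprogress loader snippet named in the report exists in dir $1.
module_enabled() {
    [ -e "$1/50-mod-http-uploadprogress.conf" ]
}

# Count requests whose query string carries a literal '[' (combined log format).
# The request line is the first double-quoted field, so the '[' of the timestamp
# and anything in the referer are ignored; %5B-encoded brackets do not match.
count_literal_bracket_requests() {
    awk -F'"' '{ split($2, r, " "); q = index(r[2], "?")
                 if (q && index(substr(r[2], q + 1), "[")) n++ }
               END { print n + 0 }' "$1"
}

# Count worker crashes recorded in an nginx error log.
count_sigsegv_exits() {
    grep -c 'worker process [0-9]* exited on signal 11' "$1" || true
}

# Build constructed sample inputs under directory $1.
make_samples() {
    mkdir -p "$1/modules-enabled"
    : > "$1/modules-enabled/50-mod-http-uploadprogress.conf"
    cat > "$1/access.log" <<'EOF'
203.0.113.5 - - [08/Jun/2026:11:02:41 +0000] "GET /foo?a=b[0] HTTP/2.0" 200 12 "-" "curl/8.5.0"
203.0.113.5 - - [08/Jun/2026:11:02:42 +0000] "GET /foo?filters[$and][0][k][$eq]=v HTTP/2.0" 200 12 "-" "axios/1.7"
203.0.113.5 - - [08/Jun/2026:11:02:43 +0000] "GET /foo?a=b%5B0%5D HTTP/2.0" 200 12 "-" "curl/8.5.0"
203.0.113.9 - - [08/Jun/2026:11:02:44 +0000] "GET /bar HTTP/2.0" 200 5 "https://host/x?y[1]=2" "Mozilla/5.0"
EOF
    cat > "$1/error.log" <<'EOF'
2026/06/09 06:31:02 [alert] 900#900: worker process 1201 exited on signal 11
2026/06/09 06:31:02 [notice] 900#900: signal 17 (SIGCHLD) received from 1201
2026/06/09 06:31:09 [alert] 900#900: worker process 1207 exited on signal 11
EOF
}

triage() {   # $1 = modules-enabled dir, $2 = access log, $3 = error log
    module_enabled "$1" && echo "uploadprogress module: enabled" || echo "uploadprogress module: not enabled"
    echo "literal-bracket query strings: $(count_literal_bracket_requests "$2")"
    echo "signal 11 worker exits: $(count_sigsegv_exits "$3")"
}

d=$(mktemp -d); make_samples "$d"
triage "$d/modules-enabled" "$d/access.log" "$d/error.log"
rm -rf "$d"
```

On a real host the three arguments would be /etc/nginx/modules-enabled, the access log and /var/log/nginx/error.log.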
