Public bug reported:
After automatic upgrade from nginx 1.24.0-2ubuntu7.9 to 1.24.0-2ubuntu7.10 via
unattended-upgrades on 2026-06-09 at 06:48, nginx fails with ModSecurity
enabled.
== Error ==
[emerg] malloc(187650002163513) failed (12: Cannot allocate memory)
This affects ALL requests regardless of HTTP version (HTTP/1.1 and HTTP/2.0)
and ALL virtual hosts. nginx is completely non-functional with ModSecurity
enabled.
== Environment ==
OS: Ubuntu 24.04 noble
Architecture: arm64
nginx: 1.24.0-2ubuntu7.10
libnginx-mod-http-modsecurity: 1.0.3-1build3
libmodsecurity3: 3.0.12-1.1build2
modsecurity-crs: 3.3.5-2
== Reproduction ==
1. Install nginx 1.24.0-2ubuntu7.10 with libnginx-mod-http-modsecurity
2. Enable ModSecurity in nginx.conf (modsecurity on; modsecurity_rules_file ...)
3. Send any HTTP request to any vhost
4. Observe malloc corruption in error.log
== Workaround ==
Disabling ModSecurity (commenting out modsecurity on; in nginx.conf) restores
normal operation. The previous version nginx 1.24.0-2ubuntu7.9 worked correctly
with the same ModSecurity configuration.
== Notes ==
The malloc value (187650002163513) is clearly corrupted/garbage, suggesting
a memory handling regression in the new nginx version when interacting with
the ModSecurity module.
** Affects: nginx (Ubuntu)
Importance: Undecided
Status: New
** Tags: arm64 crash modsecurity nginx noble regression unattended-upgrades
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2156271
Title:
nginx 1.24.0-2ubuntu7.10 breaks ModSecurity with malloc corruption
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/2156271/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
