Notes


Exploitation of AIxCC Nginx bugs

This blog post will analyse the exploitability of the temporal safety vulnerabilities in Nginx AIxCC.

AIxCC is a DARPA competition to find vulnerabilities in codebases using AI. The competitors are not looking for 0-days but rather for vulnerabilities intentionally added to existing codebases. One of these codebases was Nginx, used in the semifinals, which have already taken place.

In this blog post, I focus on a different question: whether these added vulnerabilities can be exploited to achieve more than just crashes.