mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-03T13:19:40.422Z
Updated: 2023-04-03T13:19:40.422Z
Reserved: 2023-03-20T12:19:47.206Z
Link: CVE-2023-28625
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-03T14:15:07.507
Modified: 2023-05-31T20:15:10.493
Link: CVE-2023-28625
JSON object: View
Redhat Information
No data.
CWE