Lucene search
F5F5:K000134597HistoryMay 12, 2023 - 12:00 a.m.
K000134597 : mod_auth_openidc vulnerability CVE-2023-28625
2023-05-1200:00:00
my.f5.com
4
mod_auth_openidc
apache 2.x
openid connect
vulnerability
null pointer
segmentation fault
denial-of-service
cve-2023-28625
f5 products.
0.002 Low
EPSS
Percentile
61.3%
Security Advisory Description
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using OIDCStripCookies. (CVE-2023-28625)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
cbl_mariner
cbl_mariner
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1849-1)
2023-04-17 00:00:00
Fedora: Security Advisory for mod_auth_openidc (FEDORA-2023-b534ca7056)
2023-06-01 00:00:00
Debian: Security Advisory (DSA-5405-1)
2023-05-19 00:00:00
veracode
veracode
NULL Pointer Dereference
2023-08-06 07:40:33
fedora
fedora
[SECURITY] Fedora 38 Update: mod_auth_openidc-2.4.13.2-1.fc38
2023-05-31 17:34:01
osv
osv
CVE-2023-28625
2023-04-03 14:15:07
libapache2-mod-auth-openidc - security update
2023-05-18 00:00:00
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
debiancve
debiancve
CVE-2023-28625
2023-04-03 14:15:07
prion
prion
Null pointer dereference
2023-04-03 14:15:00
ubuntucve
ubuntucve
CVE-2023-28625
2023-04-03 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2023:1849-1)
2023-04-15 00:00:00
Debian DSA-5405-1 : libapache2-mod-auth-openidc - security update
2023-05-18 00:00:00
Fedora 38 : mod_auth_openidc (2023-b534ca7056)
2023-05-31 00:00:00
nvd
nvd
CVE-2023-28625
2023-04-03 14:15:07
cve
cve
CVE-2023-28625
2023-04-03 14:15:07
redhatcve
redhatcve
CVE-2023-28625
2023-04-03 18:14:37
debian
debian
[SECURITY] [DSA 5405-1] libapache2-mod-auth-openidc security update
2023-05-18 13:12:35
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
2023-04-30 21:14:15
cvelist
cvelist
oraclelinux
oraclelinux
mod_auth_openidc security and bug fix update
2023-11-11 00:00:00
mod_auth_openidc:2.3 security and bug fix update
2023-11-18 00:00:00
almalinux
almalinux
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:6365) Moderate: mod_auth_openidc security and bug fix update
2023-11-07 06:03:12
(RHSA-2023:6940) Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 08:40:59
rosalinux
rosalinux
Advisory ROSA-SA-2024-2362
2024-02-27 09:20:02