Lucene search

FreeBSDE8B20517-DBB6-11ED-BF28-589CFC0F81B0

HistoryFeb 23, 2023 - 12:00 a.m.

mod_gnutls -- Infinite Loop on request read timeout

2023-02-2300:00:00

vuxml.freebsd.org

mod_gnutls

apache httpd

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.1%

JSON

The mod_gnutls project reports:

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions
from 0.9.0 to 0.12.0 (including) did not properly fail blocking
read operations on TLS connections when the transport hit timeouts.
Instead it entered an endless loop retrying the read operation,
consuming CPU resources. This could be exploited for denial of
service attacks. If trace level logging was enabled, it would also
produce an excessive amount of log output during the loop, consuming
disk space.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchap24-mod_gnutls< 0.12.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ap24-mod_gnutls	< 0.12.1	UNKNOWN

References

mod.gnutls.org/browser/mod_gnutls/CHANGELOG?rev=17b2836dc3e27754159ffb098323a4cd4426192f

nvd.nist.gov/vuln/detail/CVE-2023-25824

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for E8B20517-DBB6-11ED-BF28-589CFC0F81B0