Bugzilla – Bug 1210073
VUL-0: CVE-2023-28625: apache2-mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
Last modified: 2024-05-06 11:54:33 UTC
CVE-2023-28625 mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28625 https://bugzilla.redhat.com/show_bug.cgi?id=2184118 https://www.cve.org/CVERecord?id=CVE-2023-28625 http://www.cvedetails.com/cve/CVE-2023-28625/ https://github.com/OpenIDC/mod_auth_openidc/blame/3f11976dab56af0a46a7dddb7a275cc16d6eb726/src/mod_auth_openidc.c#L178-L179 https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.13.2 https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
Affected: SUSE:SLE-12-SP4:Update apache2-mod_auth_openidc 2.4.0 SUSE:SLE-15-SP1:Update apache2-mod_auth_openidc 2.3.8
SUSE-SU-2023:1849-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1210073 CVE References: CVE-2023-28625 Sources used: openSUSE Leap 15.4 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 Server Applications Module 15-SP4 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Real Time 15 SP3 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Manager Proxy 4.2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Manager Retail Branch Server 4.2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Manager Server 4.2 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Enterprise Storage 7.1 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE Enterprise Storage 7 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 SUSE CaaS Platform 4.0 (src): apache2-mod_auth_openidc-2.3.8-150100.3.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing