HTTPd mod_auth_openidc NULL ptr deref via OIDCStripCookies (v2.0.0-2.4.13.1)
CVE-2023-28625 Published on April 3, 2023
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.
Vulnerability Analysis
CVE-2023-28625 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2023-28625
stack.watch emails you whenever new vulnerabilities are published in Apache HTTP Server or Mod Auth Openidc. Just hit a watch button to start following.
Affected Versions
mod_auth_openidc Version >= 2.0.0, < 2.4.13.2 is affected by CVE-2023-28625Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.