发布于3月6日3月6日 Members Debian: CVE-2023-28625: libapache2-mod-auth-openidc -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/03/2023 Created 05/05/2023 Added 05/02/2023 Modified 01/28/2025 Description mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. Solution(s) debian-upgrade-libapache2-mod-auth-openidc References https://attackerkb.com/topics/cve-2023-28625 CVE - 2023-28625 DLA-3409-1
