Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-E8B20517-DBB6-11ED-BF28-589CFC0F81B0 (CVE-2023-25824): mod_gnutls -- Infinite Loop on request read timeout

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

FreeBSD: VID-E8B20517-DBB6-11ED-BF28-589CFC0F81B0 (CVE-2023-25824): mod_gnutls -- Infinite Loop on request read timeout

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
02/23/2023
Created
05/05/2023
Added
04/16/2023
Modified
04/16/2023

Description

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.

Solution(s)

  • freebsd-upgrade-package-ap24-mod_gnutls

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;