CVE-2023-25824

Severity: HIGH (CVSS 3.1 base score 7.5)
Published: Feb 23, 2023
Last Modified: Jun 17, 2026

Description

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions 0.9.0 through 0.12.0 (inclusive) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead, the module entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial-of-service attacks. If trace-level logging was enabled, the loop would also produce an excessive amount of log output, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec; please update to version 0.12.1. There are no workarounds; users who cannot update should apply the errno fix detailed in the security advisory.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-835

Affected Products 1

Vendor              Product     Version  Range
mod_gnutls_project  mod_gnutls  *        ≥0.9.0 – <0.12.1

References 3

  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942737#25
    Exploit, Issue Tracking, Mailing List, Mitigation, Patch, Third Party Advisory
  • github.com https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec
    Patch
  • github.com https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8
    Patch, Vendor Advisory
