VYPR
High severity7.5NVD Advisory· Published Apr 3, 2023· Updated Jun 17, 2026

CVE-2023-28625

CVE-2023-28625

Description

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using OIDCStripCookies.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

32

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.