Unrated severityNVD Advisory· Published Apr 28, 2023· Updated Jan 30, 2025

CVE-2023-28882

Description

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

Affected products

Trustwave/ModSecuritydescription
osv-coords12 versions
pkg:apk/chainguard/modsecurity pkg:apk/chainguard/modsecurity-config pkg:apk/chainguard/modsecurity-static pkg:apk/wolfi/modsecurity pkg:apk/wolfi/modsecurity-config pkg:apk/wolfi/modsecurity-static pkg:bitnami/modsecurity pkg:bitnami/modsecurity2 pkg:rpm/opensuse/modsecurity&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/modsecurity&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/modsecurity&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/modsecurity&distro=SUSE%20Package%20Hub%2015%20SP5
< 3.0.9-r0+ 11 more
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: < 3.0.9-r0
- (no CPE)range: >= 3.0.5, < 3.0.9
- (no CPE)range: >= 3.0.5, < 3.0.9
- (no CPE)range: < 3.0.10-bp154.2.3.1
- (no CPE)range: < 3.0.10-bp155.3.3.1
- (no CPE)range: < 3.0.10-bp154.2.3.1
- (no CPE)range: < 3.0.10-bp155.3.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000