Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mod_gnutls contains Infinite Loop on request read timeout
Vulnerability Description
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
Mod_gnutls 安全漏洞
Vulnerability Description
mod_gnutls是基于 GnuTLS 的 Apache HTTPD 的 TLS 模块。 Mod_gnutls 0.12.1之前版本存在安全漏洞,该漏洞源于没有正确阻止TLS连接上的读取操作,攻击者利用该漏洞可以造成拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A