What is CVE-2023-25824?

CVE-2023-25824 is a high-severity vulnerability in Airtower-luna Mod_gnutls, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 7.5/10. Published 2023-02-23.

How severe is CVE-2023-25824?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Airtower-luna Mod_gnutls

CVE-2023-25824

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop re…

EPSS: 0.007 (72.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Airtower-luna Mod_gnutls — versions >= 0.9.0, < 0.12.1

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8 (x_refsource_CONFIRM)
https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec (x_refsource_MISC)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942737#25 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-25824?: CVE-2023-25824 is a high-severity vulnerability in Airtower-luna Mod_gnutls, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 7.5/10. Published 2023-02-23.
How severe is CVE-2023-25824?: High severity. CVSS v3 base score is 7.5 out of 10.