CVE-2021-32785

2021-07-2200:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON

mod_auth_openidc is an authentication/authorization module for the Apache
2.x HTTP server that functions as an OpenID Connect Relying Party,
authenticating users against an OpenID Connect Provider. When
mod_auth_openidc versions prior to 2.4.9 are configured to use an
unencrypted Redis cache (OIDCCacheEncrypt off, OIDCSessionType server-cache, OIDCCacheType redis), mod_auth_openidc wrongly performed
argument interpolation before passing Redis requests to hiredis, which
would perform it again and lead to an uncontrolled format string bug.
Initial assessment shows that this bug does not appear to allow gaining
arbitrary code execution, but can reliably provoke a denial of service by
repeatedly crashing the Apache workers. This bug has been corrected in
version 2.4.9 by performing argument interpolation only once, using the
hiredis API. As a workaround, this vulnerability can be mitigated by
setting OIDCCacheEncrypt to on, as cache keys are cryptographically
hashed before use when this option is enabled.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibapache2-mod-auth-openidc< anyUNKNOWN
ubuntu20.04noarchlibapache2-mod-auth-openidc< anyUNKNOWN
ubuntu16.04noarchlibapache2-mod-auth-openidc< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libapache2-mod-auth-openidc	< any	UNKNOWN
ubuntu	20.04	noarch	libapache2-mod-auth-openidc	< any	UNKNOWN
ubuntu	16.04	noarch	libapache2-mod-auth-openidc	< any	UNKNOWN