CVE-2023-38285

NameCVE-2023-38285
DescriptionTrustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1042475

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
modsecurity (PTS)buster (security), buster, buster (lts)3.0.3-1+deb10u2vulnerable
bullseye3.0.4-2vulnerable
bookworm3.0.9-1+deb12u1fixed
sid, trixie3.0.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
modsecuritysourcebookworm3.0.9-1+deb12u1
modsecuritysource(unstable)3.0.10-11042475

Notes

[bullseye] - modsecurity <ignored> (Minor issue)
[buster] - modsecurity <no-dsa> (Minor issue)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/

Search for package or bug name: Reporting problems