Candidate: CVE-2021-20718
PublicDate: 2021-05-20 02:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20718
 https://github.com/zmartzone/mod_auth_openidc
 https://jvn.jp/en/jp/JVN49704918/index.html
 https://www.zmartzone.eu/
Description:
 mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a
 denial-of-service (DoS) condition via unspecified vectors.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libapache2-mod-auth-openidc:
 upstream: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120
 debian: https://salsa.debian.org/debian/libapache2-mod-auth-openidc/-/commit/76dfcfe0760463e131761b37dd778e3d501e489e
upstream_libapache2-mod-auth-openidc: released (2.4.8,2.4.4.1-2)
precise/esm_libapache2-mod-auth-openidc: DNE
trusty_libapache2-mod-auth-openidc: ignored (out of standard support)
trusty/esm_libapache2-mod-auth-openidc: DNE
xenial_libapache2-mod-auth-openidc: ignored (out of standard support)
bionic_libapache2-mod-auth-openidc: needs-triage
focal_libapache2-mod-auth-openidc: needs-triage
groovy_libapache2-mod-auth-openidc: ignored (reached end-of-life)
hirsute_libapache2-mod-auth-openidc: ignored (reached end-of-life)
impish_libapache2-mod-auth-openidc: not-affected (2.4.9-1)
jammy_libapache2-mod-auth-openidc: not-affected (2.4.9-1)
devel_libapache2-mod-auth-openidc: not-affected (2.4.9-1)