Apache mod_gnutls Stack-Based Buffer Overflow Vulnerability in Client Certificate Verification

A stack-based buffer overflow vulnerability has been identified in the Apache mod_gnutls module, which is based on GnuTLS. This issue affects versions prior to 0.12.3 and 0.13.0. The vulnerability arises because the client certificate verification process imports the certificate chain from the client into a fixed-size array of GnuTLS certificate structures. This import occurs without verifying that the number of certificates does not exceed the array's capacity. While this flaw does not allow for the writing of attacker-controlled data into the stack buffer, it can lead to a segmentation fault by overwriting a pointer beyond the last array element. Theoretically, this could cause stack corruption, although such an effect has not been observed in practice. Server configurations that do not require client certificates are not vulnerable.

Impact

Exploitation of this vulnerability causes a segmentation fault, disrupting the server process. Although not observed, such a stack-based buffer overflow could potentially be exploited to corrupt the stack and execute arbitrary code.

Remediation

Users can upgrade to mod_gnutls version 0.12.3 or 0.13.0 to address this vulnerability. Version 0.12.3 includes a critical fix for users on the 0.12.x branch who prefer not to upgrade to 0.13.0.