ModSecurity Integer Underflow Vulnerability in Verification Operators Leading to Denial-of-Service

Vulnerability

ModSecurity versions 3.0.0 up to, but not including, 3.0.15 contain an unsigned integer underflow in the libmodsecurity3 WAF engine. The flaw is reachable when a rule uses the @verifySSN, @verifyCPF, or @verifySVNR operator. The underflowed value is used as a loop bound, so the loop runs past the end of the inspected input, raises an out-of-range exception that nothing catches, and terminates the process, producing a denial-of-service condition.
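The bug class described above, as an added illustration that is not libmodsecurity3's source and does not reproduce the real operators' algorithm: a hypothetical fixed-width SSN scan whose loop bound `s.size() - SSN_LEN` is size_t arithmetic and wraps to a huge value when the input is shorter than the window, so std::string::at() throws std::out_of_range, shown beside the hardened form that checks the length before subtracting. The constant SSN_LEN, the function names, and the sample inputs are assumptions made for the example.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Illustrative example of the bug class, not libmodsecurity3 source.
// Assumed fixed length of a formatted US SSN, "NNN-NN-NNNN".
static const std::size_t SSN_LEN = 11;

// Returns true when s[start .. start+SSN_LEN) looks like NNN-NN-NNNN.
// Uses std::string::at(), which throws std::out_of_range past the end.
static bool window_matches(const std::string &s, std::size_t start) {
    for (std::size_t j = 0; j < SSN_LEN; ++j) {
        char c = s.at(start + j);
        bool want_dash = (j == 3 || j == 6);
        bool is_digit = std::isdigit(static_cast<unsigned char>(c)) != 0;
        if (want_dash ? c != '-' : !is_digit) {
            return false;
        }
    }
    return true;
}

// VULNERABLE: the bound `s.size() - SSN_LEN` is unsigned arithmetic. When
// s.size() < SSN_LEN it wraps to a value near SIZE_MAX, the loop keeps
// going past the end of the input, and at() throws. If nothing catches
// the exception the process terminates (denial of service).
bool has_ssn_vulnerable(const std::string &s) {
    for (std::size_t start = 0; start <= s.size() - SSN_LEN; ++start) {
        if (window_matches(s, start)) {
            return true;
        }
    }
    return false;
}

// HARDENED: reject inputs shorter than the window before subtracting, so
// the bound can never underflow. Writing the condition as
// `start + SSN_LEN <= s.size()` would be an equivalent fix.
bool has_ssn_safe(const std::string &s) {
    if (s.size() < SSN_LEN) {
        return false;
    }
    for (std::size_t start = 0; start <= s.size() - SSN_LEN; ++start) {
        if (window_matches(s, start)) {
            return true;
        }
    }
    return false;
}

// Probe: does the vulnerable version throw on this input? A WAF engine
// with no try/catch around the operator would die here instead.
bool vulnerable_throws(const std::string &s) {
    try {
        has_ssn_vulnerable(s);
        return false;
    } catch (const std::out_of_range &) {
        return true;
    }
}

int main() {
    // Constructed sample inputs, not taken from any real request.
    const std::string inputs[] = {"id=123-45-6789;", "123-45-6789",
                                  "123-45-678", ""};
    for (const std::string &in : inputs) {
        std::cout << '"' << in << "\": vulnerable throws="
                  << (vulnerable_throws(in) ? "yes" : "no")
                  << ", safe match=" << (has_ssn_safe(in) ? "yes" : "no")
                  << '\n';
    }
    return 0;
}
```

The practitioner's takeaway is the shape of the check, not the constant: any operator that subtracts a fixed length from an unsigned input length must bound-check the length first, and an input shorter than that length is the natural test case to feed such an operator.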

Impact

Exploitation raises an unhandled exception that terminates the process hosting libmodsecurity3 (for example the web server or proxy it is embedded in), so every request handled by that process is denied service.

Reproduction

To reproduce, enable the rule engine (SecRuleEngine On), add a rule that applies the @verifySSN operator to request input, and send a request whose inspected value triggers the unsigned integer underflow. When the rule evaluates that value, the process crashes with an out-of-range exception.

Remediation

Upgrade to ModSecurity version 3.0.15 or later. Where an upgrade is not immediately possible, remove or disable rules that use the @verifySSN, @verifyCPF, or @verifySVNR operators until the upgrade is complete.

Added: May 12, 2026, 10:33 PM
Updated: May 12, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 8.2
remediation: 7.9
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.