https://0d2d0d50.website-1u6.pages.dev/tags/libmodsecurity3-cve-2023-38285/Recent content in CRS Projecthttps://0d2d0d50.website-1u6.pages.dev/20230802/libmodsecurity3-cve-2023-38285-affecting-crs-users/Wed, 02 Aug 2023 15:45:05 +0200<p>Many CRS users have probably read Trustwave&rsquo;s recent announcement about the new version of libmodsecurity3 (aka ModSecurity v3) and the reason for the release:</p> <p><a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/">https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/</a></p> <p>The new version of the WAF library fixes a CVE described issue, namely: &ldquo;DoS Vulnerability in Four Transformations&rdquo;.</p> <p>We would like to draw the attention of all CRS users who also use libmodsecurity3 <strong>to update the library as soon as possible</strong>. CRS uses one of the mentioned transformations (<code>removeNull</code>) in several rules. Unfortunately, after analyzing the patch that fixes the bug, we were able to construct a payload that overloaded the libmodsecurity3 engine which many people use with CRS.</p>