Apache · Apache Http Server · CVE-2023-28625
**Name of the Vulnerable Software and Affected Versions**
mod_auth_openidc versions 2.0.0 through 2.4.13.1
**Description**
The issue affects mod_auth_openidc, the module for the Apache 2.x HTTP server that implements OpenID Connect Relying Party functionality. When `OIDCStripCookies` is configured and a crafted cookie is supplied in a request, the module dereferences a NULL pointer and the handling process crashes with a segmentation fault. This can be used in a Denial-of-Service attack, presenting an availability risk.
**Recommendations**
For mod_auth_openidc versions 2.0.0 through 2.4.13.1, update to version 2.4.13.2 to resolve the issue.
As a temporary workaround, remove the `OIDCStripCookies` directive from the configuration until the update can be applied, which removes the condition needed to trigger the crash.
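As an added example (not from the advisory or the mod_auth_openidc project), the following POSIX shell script checks the two conditions the advisory describes: whether a given mod_auth_openidc version string falls in the affected range 2.0.0 through 2.4.13.1, and whether an Apache configuration file contains an active `OIDCStripCookies` directive. The installed version, the sample configuration and the hostnames and cookie name in it are constructed inputs; the function names are the script's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: flag a mod_auth_openidc deployment
# that is both in the affected version range (2.0.0 .. 2.4.13.1) and uses the
# OIDCStripCookies directive, the combination the advisory describes.

# is_affected_version VERSION
# Returns 0 when 2.0.0 <= VERSION <= 2.4.13.1, 1 otherwise.
is_affected_version() {
    # Split the dotted version into up to four numeric fields (missing fields count as 0).
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; sub=${4:-0}
    [ "$major" -eq 2 ] || return 1      # only the 2.x series is affected
    [ "$minor" -lt 4 ] && return 0      # 2.0.0 .. 2.3.x
    [ "$minor" -gt 4 ] && return 1
    [ "$patch" -lt 13 ] && return 0     # 2.4.0 .. 2.4.12
    [ "$patch" -gt 13 ] && return 1
    [ "$sub" -le 1 ]                    # 2.4.13 and 2.4.13.1 affected, 2.4.13.2 and later fixed
}

# uses_strip_cookies CONFIG_FILE
# Returns 0 when the file has an active (uncommented) OIDCStripCookies directive.
uses_strip_cookies() {
    grep -Eiq '^[[:space:]]*OIDCStripCookies([[:space:]]|$)' "$1"
}

# exposed VERSION CONFIG_FILE
# Returns 0 when both conditions from the advisory hold at once.
exposed() {
    is_affected_version "$1" && uses_strip_cookies "$2"
}

# Constructed sample configuration (hostnames and cookie name are made up).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
OIDCProviderMetadataURL https://idp.example.invalid/.well-known/openid-configuration
OIDCClientID demo-client
OIDCRedirectURI https://app.example.invalid/redirect_uri
# The next line is the directive the advisory's workaround says to remove:
OIDCStripCookies demo_session
EOF

# Demonstration with an assumed installed version (constructed); in practice the
# version comes from your package manager or build records.
INSTALLED_VERSION="2.4.12"
if exposed "$INSTALLED_VERSION" "$SAMPLE_CONF"; then
    echo "mod_auth_openidc $INSTALLED_VERSION with OIDCStripCookies: update to 2.4.13.2 or remove the directive"
else
    echo "mod_auth_openidc $INSTALLED_VERSION: not exposed by this check"
fi
```

The version comparison treats a three-field version such as `2.4.13` as `2.4.13.0`, so it lands inside the affected range, while `2.4.13.2` and every later release fall outside it; the configuration check ignores commented-out lines, since only an active directive matters.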