Vrasneur

**Name of the Vulnerable Software and Affected Versions** mod auth mellon versions prior to 0.11.1 **Description** The issue is related to the `am read post data` function, which fails to check for errors returned by the `ap get client block` function. This oversight allows remote attackers to craft malicious POST data, leading to a denial of service, characterized by a segmentation fault and process crash. **Recommendations** For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `am read post data` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mod auth mellon versions prior to 0.11.1 **Description** The issue is related to the `am read post data` function, which does not limit the amount of data read. This allows remote attackers to cause a denial of service by sending a large amount of POST data, potentially leading to a worker process crash, web server deadlock, or excessive memory consumption. **Recommendations** For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider restricting the amount of POST data that can be sent to the server to minimize the risk of exploitation.