Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/ https://github.com/SpiderLabs/ModSecurity/pull/2886/commits/db84d8cf771d39db578707cd03ec2b60f74c9785
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-28882