Hi there,

I have a problem with the mod_security2 module for apache in openSUSE Leap 15.2.
After activating the module and mpm-prefork, the CPU-utilization increases in stages until it reaches 100 percent. It doesn't matter whether modsecurity is running in detection-only or blocking mode nor if the core rule set is enabled or not.
With the switch to mpm-event it seems to be better. Uitlization is also increasing in peaks but lowering down after a while. But the following errors are showing in the apache error log:

*** Error in `/usr/sbin/httpd-event': corrupted size vs. prev_size: 0x00007fd624019d50 ***
*** Error in `/usr/sbin/httpd-event': double free or corruption (out): 0x00007fd65001bc70 ***

Their going away when I disable the security2 module. I'm suspicious about a bug in the apache2 package and/or the mod_security2 package.

installed versions:
apache2: 2.4.43-lp152.2.6.1
apache2-event: 2.4.43-lp152.2.9.1
apache2-mod_security2: 2.9.2-lp152.3.7

I'm not sure if this is for a bug report, so here's the question whether someone has similar experiences and/or ideas for a solution.