Описание
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libfcgi | fixed | 2.4.5-0.1 | package | |
| libfcgi | no-dsa | bookworm | package | |
| libfcgi | postponed | bullseye | package |
Примечания
https://github.com/FastCGI-Archives/fcgi2/issues/67
https://github.com/FastCGI-Archives/fcgi2/pull/74
Fixed by: https://github.com/FastCGI-Archives/fcgi2/commit/b0eabcaf4d4f371514891a52115c746815c2ff15 (2.4.5)
EPSS
Связанные уязвимости
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Уязвимость функции ReadParams реализации протокола FastCGI библиотеки fcgi2 (fcgi), позволяющая нарушителю выполнить произвольный код
EPSS