exploitDog

CVE-2025-23016

Опубликовано: 10 янв. 2025

Источник: debian

Описание

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libfcgi	fixed	2.4.5-0.1		package
libfcgi	fixed	2.4.2-2+deb12u1	bookworm	package

Примечания

https://github.com/FastCGI-Archives/fcgi2/issues/67
https://github.com/FastCGI-Archives/fcgi2/pull/74
Fixed by: https://github.com/FastCGI-Archives/fcgi2/commit/b0eabcaf4d4f371514891a52115c746815c2ff15 (2.4.5)

Связанные уязвимости

CVE-2025-23016

CVSS3: 9.3

ubuntu

10 месяцев назад

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

CVE-2025-23016

CVSS3: 9.3

nvd

10 месяцев назад

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

CVE-2025-23016

CVSS3: 9.3

msrc

7 месяцев назад

Описание отсутствует

SUSE-SU-2025:02372-1

suse-cvrf

4 месяца назад

Security update for FastCGI

SUSE-SU-2025:02369-1

suse-cvrf

4 месяца назад

Security update for FastCGI