Описание
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-23016
- https://github.com/FastCGI-Archives/fcgi2/issues/67
- https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5
- https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library
- http://www.openwall.com/lists/oss-security/2025/04/23/4
Связанные уязвимости
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...
Уязвимость функции ReadParams реализации протокола FastCGI библиотеки fcgi2 (fcgi), позволяющая нарушителю выполнить произвольный код