Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-8696

Опубликовано: 10 июн. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-8696: perl-FCGI:0.78 security update (IMPORTANT)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

perl-FCGI [1:0.78-12]

  • Fix CVE-2025-40907 (integer overflow when parsing FastCGI parameters)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module perl-FCGI:0.78 is enabled

perl-FCGI

0.78-12.module+el8.10.0+90610+34bf9e59

perl-FCGI

0.78-12.module+el8.10.0+90610+44f1ea29

perl-FCGI

0.78-12.module+el8.10.0+90610+c79d14b8

perl-FCGI

0.78-12.module+el8.10.0+90610+f44a9047

Oracle Linux x86_64

Module perl-FCGI:0.78 is enabled

perl-FCGI

0.78-12.module+el8.10.0+90610+34bf9e59

perl-FCGI

0.78-12.module+el8.10.0+90610+44f1ea29

perl-FCGI

0.78-12.module+el8.10.0+90610+c79d14b8

perl-FCGI

0.78-12.module+el8.10.0+90610+f44a9047

Связанные CVE

CVE-2025-40907

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2025-40907

CVSS3: 5.3
ubuntu
около 1 месяца назад

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

redhat логотип

CVE-2025-40907

CVSS3: 7.5
redhat
около 1 месяца назад

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

nvd логотип

CVE-2025-40907

CVSS3: 5.3
nvd
около 1 месяца назад

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

debian логотип

CVE-2025-40907

CVSS3: 5.3
debian
около 1 месяца назад

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable versio ...

github логотип

GHSA-488m-4fx8-f36v

CVSS3: 5.3
github
около 1 месяца назад

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.