Description
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
| Release | Status | Note |
|---|---|---|
| devel | released | 2.4.5-0.1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-infra/xenial | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | released | 2.4.2-2ubuntu0.1 |
| noble | released | 2.4.2-2.1ubuntu0.24.04.1 |
| oracular | released | 2.4.2-2.1ubuntu0.24.10.1 |
| plucky | released | 2.4.2-2.1ubuntu0.25.04.1 |
| questing | released | 2.4.5-0.1 |
EPSS
Percentile: 21%
0.00067
Low
9.3 Critical
CVSS3
Related vulnerabilities
CVSS3: 9.3
nvd
10 months ago
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
CVSS3: 9.3
debian
10 months ago
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...