Описание
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra/bionic | released | 0.78-2ubuntu0.1~esm1 |
| esm-infra/focal | not-affected | 0.79-1ubuntu0.1 |
| esm-infra/xenial | released | 0.77-1ubuntu0.1~esm1 |
| focal | released | 0.79-1ubuntu0.1 |
| jammy | not-affected | 0.82+ds-1build1 |
| noble | not-affected | |
| oracular | not-affected | |
| plucky | not-affected | |
| upstream | released | 0.79+ds-2 |
Показывать по
Ссылки на источники
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable versio ...
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
EPSS
5.3 Medium
CVSS3