Updated fcgi packages fix security vulnerability

May 5, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title Updated fcgi packages fix security vulnerability
Type mageia
Published 2025-05-05T07:57:03
Last Seen 2025-05-05T05:57:16
CVSS Score 9.3 (CRITICAL)

CVSS v3 Details

Attack Vector LOCAL
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope CHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2025-23016
CWE
Bulletin Family unix

Description

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016)

Impact Assessment

Base Score 9.3
Severity CRITICAL

View full CVE details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.