All errata/c10f2/ALT-PU-2025-6559-2
ALT-PU-2025-6559-2

Package update libfcgi in branch c10f2

Version2.4.6-alt1
Task#383842
Published2025-05-13
Max severityCRITICAL
Severity:

Closed issues (2)

BDU:2025-05008
CRITICAL10.0

Уязвимость функции ReadParams реализации протокола FastCGI библиотеки fcgi2 (fcgi), позволяющая нарушителю выполнить произвольный код

Published: 2025-04-28Modified: 2026-03-04
CVSS 3.xCRITICAL 10.0
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2025-23016
CRITICAL9.3

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Published: 2025-01-10Modified: 2026-04-15
CVSS 3.xCRITICAL 9.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References