rpm package
opensuse/FastCGI&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/FastCGI&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-23016 | Critical | 9.3 | | < 2.4.6-1.1 | 2.4.6-1.1 | Jan 10, 2025 | FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. |
| CVE-2011-2766 | — | | | < 2.4.0-171.10 | 2.4.0-171.10 | Sep 23, 2011 | The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. |