PT-2025-21645 · Fcgi+7 · Fcgi+7

Synacktiv

Publicado

2025-01-04

Atualizado

2025-11-12

CVE-2025-40907

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: FCGI versions 0.44 through 0.82

Description: The included FastCGI library in FCGI is affected, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in the ReadParams function in fcgiapp.c.

Recommendations: For FCGI versions 0.44 through 0.82, consider disabling the ReadParams function in fcgiapp.c as a temporary workaround until a patch is available. Restrict access to the IPC socket to minimize the risk of exploitation. Avoid using crafted nameLen or valueLen values in data to the IPC socket until the issue is resolved.

Exploit

Correção

Integer Overflow

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-1395CWE-122

Identificadores relacionados

ALSA-2025:8635

ALSA-2025:8636

ALSA-2025:8696

AZL-61899

AZL-61905

BDU:2025-09005

CESA-2025_8696

CVE-2025-40907

INFSA-2025_8635

INFSA-2025_8696

MGASA-2025-0277

OESA-2025-1544

RHSA-2025:8625

RHSA-2025:8635

RHSA-2025:8636

RHSA-2025:8677

RHSA-2025:8678

RHSA-2025:8696

RHSA-2025:8697

RHSA-2025:8698

RHSA-2025:8703

RHSA-2025:8829

RHSA-2025:8890

RHSA-2025_8635

RHSA-2025_8696

USN-7527-1

Produtos afetados

Almalinux

Centos

Fcgi

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2025-21645 · Fcgi+7 · Fcgi+7

CVE-2025-40907

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52