Pycatchown

**Name of the Vulnerable Software and Affected Versions** FastCGI fcgi2 versions 2.x through 2.4.4 **Description** The issue is related to an integer overflow and a resultant heap-based buffer overflow in the FastCGI library, specifically in the ReadParams function in fcgiapp.c. This occurs when crafted nameLen or valueLen values are sent in data to the IPC socket. The vulnerability can be exploited to execute arbitrary code on vulnerable embedded devices, including cameras and IoT equipment. It is particularly concerning for 32-bit systems due to the lack of modern security features. The exploitation requires local or network access to the FastCGI IPC socket and the ability to send crafted parameters. **Recommendations** For FastCGI fcgi2 versions 2.x through 2.4.4, upgrade to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC socket to minimize the risk of exploitation. Avoid using crafted nameLen or valueLen values in the affected API endpoint until the issue is resolved.