FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams

Affected packages
fcgi < 2.4.5

Details

VuXML ID 5f868a5f-2943-11f0-bb22-f02f7432cf97
Discovery 2025-01-10
Entry 2025-05-04

cve@mitre.org reports:

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

References

CVE Name CVE-2025-23016
URL https://github.com/FastCGI-Archives/fcgi2/issues/67
URL https://nvd.nist.gov/vuln/detail/CVE-2025-23016