Upstream information
Description
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (CISA-ADP) | SUSE |
|---|---|---|
| Base Score | 5.3 | 5.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | None | None |
| Integrity Impact | None | None |
| Availability Impact | Low | Low |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- ESSA-2025:3015, published Thu Jun 12 15:06:40 UTC 2025
- ESSA-2025:3016, published Thu Jun 12 15:06:40 UTC 2025
- ESSA-2025:3017, published Thu Jun 12 15:06:41 UTC 2025
- ESSA-2025:3018, published Thu Jun 12 15:06:41 UTC 2025
- RHSA-2025:8625, published Thu Jun 12 15:06:39 UTC 2025
- RHSA-2025:8635, published Wed Jun 11 15:06:39 UTC 2025
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Liberty Linux 7 LTSS |
| Patchnames: RHSA-2025:8625 |
| SUSE Liberty Linux 8 |
| Patchnames: ESSA-2025:3015 ESSA-2025:3016 ESSA-2025:3017 ESSA-2025:3018 |
| SUSE Liberty Linux 9 |
| Patchnames: RHSA-2025:8635 |
SUSE Timeline for this CVE
CVE page created: Fri May 16 16:00:15 2025CVE page last modified: Wed Oct 22 22:09:01 2025