Bug 2248172 (CVE-2010-3872) - CVE-2010-3872 httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c
Summary: CVE-2010-3872 httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_b...
Status: NEW
Alias: CVE-2010-3872
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On:
Blocks: 2244856
TreeView+ depends on / blocked
Reported: 2023-11-06 17:32 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-11-13 19:02 UTC (History)
0 users

Fixed In Version: mod_fcgid 2.3.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-11-06 17:32:46 UTC
The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."


Upstream patch:

Note You need to log in before you can comment on or make changes to this bug.