Bug 2366847 (CVE-2025-40907) - CVE-2025-40907 perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
Summary: CVE-2025-40907 perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include ...
Keywords:
Status: NEW
Alias: CVE-2025-40907
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2366914
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-16 14:01 UTC by OSIDB Bzimport
Modified: 2025-06-11 12:53 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:8625 0 None None None 2025-06-09 02:16:15 UTC
Red Hat Product Errata RHSA-2025:8635 0 None None None 2025-06-09 03:15:35 UTC
Red Hat Product Errata RHSA-2025:8636 0 None None None 2025-06-09 03:21:54 UTC
Red Hat Product Errata RHSA-2025:8677 0 None None None 2025-06-09 13:58:51 UTC
Red Hat Product Errata RHSA-2025:8678 0 None None None 2025-06-09 13:59:42 UTC
Red Hat Product Errata RHSA-2025:8696 0 None None None 2025-06-09 15:24:30 UTC
Red Hat Product Errata RHSA-2025:8697 0 None None None 2025-06-09 15:21:07 UTC
Red Hat Product Errata RHSA-2025:8698 0 None None None 2025-06-09 15:20:47 UTC
Red Hat Product Errata RHSA-2025:8703 0 None None None 2025-06-09 17:01:21 UTC
Red Hat Product Errata RHSA-2025:8829 0 None None None 2025-06-11 10:21:30 UTC
Red Hat Product Errata RHSA-2025:8890 0 None None None 2025-06-11 12:53:14 UTC

Description OSIDB Bzimport 2025-05-16 14:01:16 UTC 
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.

The included FastCGI library is affected by  CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Comment 2 Petr Pisar 2025-05-19 11:00:11 UTC 
FCGI upstream bug report <https://github.com/perl-catalyst/FCGI/issues/14>.
Comment 3 errata-xmlrpc 2025-06-09 02:16:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:8625 https://access.redhat.com/errata/RHSA-2025:8625
Comment 4 errata-xmlrpc 2025-06-09 03:15:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:8635 https://access.redhat.com/errata/RHSA-2025:8635
Comment 5 errata-xmlrpc 2025-06-09 03:21:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:8636 https://access.redhat.com/errata/RHSA-2025:8636
Comment 6 errata-xmlrpc 2025-06-09 13:58:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:8677 https://access.redhat.com/errata/RHSA-2025:8677
Comment 7 errata-xmlrpc 2025-06-09 13:59:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:8678 https://access.redhat.com/errata/RHSA-2025:8678
Comment 8 errata-xmlrpc 2025-06-09 15:20:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:8698 https://access.redhat.com/errata/RHSA-2025:8698
Comment 9 errata-xmlrpc 2025-06-09 15:21:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:8697 https://access.redhat.com/errata/RHSA-2025:8697
Comment 10 errata-xmlrpc 2025-06-09 15:24:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8696 https://access.redhat.com/errata/RHSA-2025:8696
Comment 11 errata-xmlrpc 2025-06-09 17:01:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:8703 https://access.redhat.com/errata/RHSA-2025:8703
Comment 13 errata-xmlrpc 2025-06-11 10:21:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:8829 https://access.redhat.com/errata/RHSA-2025:8829
Comment 14 errata-xmlrpc 2025-06-11 12:53:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:8890 https://access.redhat.com/errata/RHSA-2025:8890
Note You need to log in before you can comment on or make changes to this bug.