Bug 2369269 - CVE-2025-23016 FastCGI integer overflow
Summary: CVE-2025-23016 FastCGI integer overflow
Keywords:
Status: ON_QA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: fcgi
Version: epel9
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Andrew Bauer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-29 21:33 UTC by David Heitbrink
Modified: 2025-05-31 02:28 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description David Heitbrink 2025-05-29 21:33:29 UTC 
The Issue:
https://www.cve.org/CVERecord?id=CVE-2025-23016

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

A fix has been addressed in:

https://github.com/FastCGI-Archives/fcgi2/tree/2.4.6
Comment 1 Fedora Update System 2025-05-30 12:46:04 UTC 
FEDORA-2025-e5cc4338e7 (fcgi-2.4.0-52.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-e5cc4338e7
Comment 2 Fedora Update System 2025-05-30 12:46:32 UTC 
FEDORA-2025-bf22da3848 (fcgi-2.4.0-52.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-bf22da3848
Comment 3 Fedora Update System 2025-05-30 12:47:07 UTC 
FEDORA-EPEL-2025-9c3b16e06c (fcgi-2.4.0-52.el10_1) has been submitted as an update to Fedora EPEL 10.1.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9c3b16e06c
Comment 4 Fedora Update System 2025-05-30 12:47:51 UTC 
FEDORA-EPEL-2025-70ce865582 (fcgi-2.4.0-52.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-70ce865582
Comment 5 Fedora Update System 2025-05-30 12:49:14 UTC 
FEDORA-EPEL-2025-e655c1f968 (fcgi-2.4.0-52.el8) has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e655c1f968
Comment 6 Fedora Update System 2025-05-31 00:53:27 UTC 
FEDORA-2025-bf22da3848 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-bf22da3848`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-bf22da3848

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2025-05-31 01:41:19 UTC 
FEDORA-EPEL-2025-9c3b16e06c has been pushed to the Fedora EPEL 10.1 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9c3b16e06c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 8 Fedora Update System 2025-05-31 01:47:56 UTC 
FEDORA-EPEL-2025-70ce865582 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-70ce865582

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2025-05-31 01:53:54 UTC 
FEDORA-EPEL-2025-e655c1f968 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e655c1f968

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2025-05-31 02:28:44 UTC 
FEDORA-2025-e5cc4338e7 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-e5cc4338e7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-e5cc4338e7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Note You need to log in before you can comment on or make changes to this bug.