The Issue: https://www.cve.org/CVERecord?id=CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. A fix has been addressed in: https://github.com/FastCGI-Archives/fcgi2/tree/2.4.6
FEDORA-2025-e5cc4338e7 (fcgi-2.4.0-52.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-e5cc4338e7
FEDORA-2025-bf22da3848 (fcgi-2.4.0-52.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-bf22da3848
FEDORA-EPEL-2025-9c3b16e06c (fcgi-2.4.0-52.el10_1) has been submitted as an update to Fedora EPEL 10.1. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9c3b16e06c
FEDORA-EPEL-2025-70ce865582 (fcgi-2.4.0-52.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-70ce865582
FEDORA-EPEL-2025-e655c1f968 (fcgi-2.4.0-52.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e655c1f968
FEDORA-2025-bf22da3848 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-bf22da3848` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-bf22da3848 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-9c3b16e06c has been pushed to the Fedora EPEL 10.1 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9c3b16e06c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-70ce865582 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-70ce865582 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-e655c1f968 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e655c1f968 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-e5cc4338e7 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-e5cc4338e7` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-e5cc4338e7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-9c3b16e06c (fcgi-2.4.0-52.el10_1) has been pushed to the Fedora EPEL 10.1 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2025-70ce865582 (fcgi-2.4.0-52.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2025-e655c1f968 (fcgi-2.4.0-52.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-e5cc4338e7 (fcgi-2.4.0-52.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-bf22da3848 (fcgi-2.4.0-52.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.