CVE-2025-40907 in FCGI

Summary

by MITRE • 16/05/2025

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.

The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
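
A bounds-checked way to handle the nameLen and valueLen fields, as an added C example: it is not the fcgi2 or FCGI source, the names `parse_pair_checked`, `read_len` and `wrapped_size32` are hypothetical, and the sample bytes are constructed. It assumes the FastCGI 1-or-4-byte length encoding and, for `wrapped_size32` only, that the unsafe allocation size is `nameLen + valueLen + 2` computed in 32-bit arithmetic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: a valid pair ("A" = "bc"), and a pair whose two
   4-byte length fields both decode to 0x7fffffff with 1 byte of data. */
static const uint8_t GOOD[] = { 0x01, 0x02, 'A', 'b', 'c' };
static const uint8_t BAD[]  = { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 'x' };

/* Assumption: the unsafe size is nameLen + valueLen + 2 in 32-bit math. */
uint32_t wrapped_size32(uint32_t nlen, uint32_t vlen) { return nlen + vlen + 2u; }

/* FastCGI length field: 1 byte if the high bit is clear, else 4 bytes
   big-endian with the high bit masked off. Returns bytes consumed,
   or 0 if the buffer is truncated. */
static size_t read_len(const uint8_t *p, size_t avail, uint32_t *out)
{
    if (avail < 1) return 0;
    if (!(p[0] & 0x80)) { *out = p[0]; return 1; }
    if (avail < 4) return 0;
    *out = ((uint32_t)(p[0] & 0x7f) << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | p[3];
    return 4;
}

/* Hypothetical hardened parser: returns a malloc'd "name=value" string,
   or NULL if either length exceeds the bytes actually received. */
char *parse_pair_checked(const uint8_t *buf, size_t len, size_t *consumed)
{
    uint32_t nlen, vlen;
    size_t off, n;
    if (!(off = read_len(buf, len, &nlen))) return NULL;
    if (!(n = read_len(buf + off, len - off, &vlen))) return NULL;
    off += n;
    /* Bound each length by the bytes left: subtract, never add first. */
    size_t left = len - off;
    if (nlen > left || vlen > left - nlen) return NULL;
    /* off >= 2, so nlen + vlen + 2 <= len and the sum cannot wrap. */
    char *s = malloc((size_t)nlen + vlen + 2);
    if (!s) return NULL;
    memcpy(s, buf + off, nlen);
    s[nlen] = '=';
    memcpy(s + (size_t)nlen + 1, buf + off + nlen, vlen);
    s[(size_t)nlen + 1 + vlen] = '\0';
    *consumed = off + nlen + vlen;
    return s;
}
```

The checked parser rejects `BAD` before any allocation, while `wrapped_size32` shows why the same two lengths are dangerous when summed first.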

Responsible

CPANSec

Reserved

16/04/2025

Disclosure

16/05/2025

Moderation

accepted

Entry

VDB-309290

CPE

ready

Exploitation

Download

EPSS

0.00758

KEV

no

Activities

very low
