INFSA-2025:8636: perl-FCGI security update
Information about definition
Identificator: INFSA-2025:8636
Type: security
Release date: 2025-07-15 19:19:05 UTC
Information about package
FastCGI Perl bindings.
Vulnerabilities description
- CVE-2025-40907
A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-40907
|
no information | 7.5 | no information |
Updated packages