INFSA-2025:8696: perl-FCGI:0.78 security update
Information about definition
Identificator: INFSA-2025:8696
Type: security
Release date: 2025-07-09 18:59:08 UTC
Information about package
The perl-FCGI package provides a Perl module for writing FastCGI applications. FastCGI is a more efficient alternative to traditional CGI, as it keeps application processes persistent across multiple requests. This module allows Perl web applications to handle requests faster and with lower resource overhead, making it suitable for high-traffic environments.
Vulnerabilities description
- CVE-2025-40907
A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-40907
|
no information | 7.5 | no information |
Updated packages