7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c
A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.
References
- FEDORA-2010-17474 vendor-advisory x_refsource_FEDORA
- FEDORA-2010-17434 vendor-advisory x_refsource_FEDORA
- FEDORA-2010-17472 vendor-advisory x_refsource_FEDORA
- openSUSE-SU-2011:0884 vendor-advisory x_refsource_SUSE
- SUSE-SU-2011:0885 vendor-advisory x_refsource_SUSE
- 69275 x_refsource_OSVDB vdb-entry
- 42288 x_refsource_SECUNIA third-party-advisory
- 42302 x_refsource_SECUNIA third-party-advisory
- 42815 x_refsource_SECUNIA third-party-advisory
- DSA-2140 vendor-advisory x_refsource_DEBIAN
- [apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released x_refsource_MLIST mailing-list
- 44900 vdb-entry x_refsource_BID
- ADV-2010-2997 x_refsource_VUPEN vdb-entry
- ADV-2010-2998 x_refsource_VUPEN vdb-entry
- ADV-2011-0031 x_refsource_VUPEN vdb-entry
- https://access.redhat.com/security/cve/CVE-2010-3872 x_refsource_REDHAT vdb-entry
- RHBZ#2248172 issue-tracking x_refsource_REDHAT
- apache-fcgid-bo(63303) vdb-entry x_refsource_XF
- https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2…
- https://issues.apache.org/bugzilla/show_bug.cgi?id=49406 x_refsource_CONFIRM
Affected products
- ==2.3.6
Matching in nixpkgs
pkgs.fedora-backgrounds.f32
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f33
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f34
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f35
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f36
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f37
Set of default and supplemental wallpapers for Fedora
pkgs.fedora-backgrounds.f38
Set of default and supplemental wallpapers for Fedora
pkgs.haskellPackages.fedora-krb
Kerberos for Fedora packagers
pkgs.haskellPackages.fedora-dists
Library for Fedora distribution versions
pkgs.haskellPackages.fedora-releases
Library for Fedora release versions
pkgs.python312Packages.python-fedora
Module to interact with the infrastructure of the Fedora Project
pkgs.python313Packages.python-fedora
Module to interact with the infrastructure of the Fedora Project
pkgs.python314Packages.python-fedora
Module to interact with the infrastructure of the Fedora Project
pkgs.python312Packages.fedora-messaging
Library for sending AMQP messages with JSON schema in Fedora infrastructure
pkgs.python313Packages.fedora-messaging
Library for sending AMQP messages with JSON schema in Fedora infrastructure
pkgs.python314Packages.fedora-messaging
Library for sending AMQP messages with JSON schema in Fedora infrastructure
pkgs.haskellPackages.fedora-haskell-tools
Building and maintenance tools for Fedora Haskell
Package maintainers
- @honnip Jung seungwoo <me@honnip.page>
- @erictapen Kerstin Humm <kerstin@erictapen.name>