CVE-2010-3872

EPSS 0.94%
Published 22.11.2010 12:54:10
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Affected products Warnungen 0 Metrics 3 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Mod Fcgid Version <= 2.3.5

Apache ≫ Mod Fcgid Version2.3.1

Apache ≫ Mod Fcgid Version2.3.2

Apache ≫ Mod Fcgid Version2.3.3

Apache ≫ Mod Fcgid Version2.3.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.94%	0.742

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html

http://osvdb.org/69275

http://secunia.com/advisories/42288

Vendor Advisory

http://secunia.com/advisories/42302

Vendor Advisory

http://secunia.com/advisories/42815

http://www.debian.org/security/2010/dsa-2140