CVE-2025-23016

Published Jan 10, 2025

Last updated 6 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-23016 affects FastCGI fcgi2 (aka fcgi) versions 2.x through 2.4.4. It involves an integer overflow vulnerability within the `ReadParams` function in `fcgiapp.c`. This overflow occurs when processing `nameLen` or `valueLen` values from data sent to the IPC socket. The integer overflow can lead to a heap-based buffer overflow. Specifically, the overflow happens during the calculation of `nameLen + valueLen`, potentially resulting in a smaller-than-required buffer being allocated.

Description
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-190

Social media

Hype score
Not currently trending
  1. 🚨 Before SSTIC - Annonce rumps "CVE-2025-23016, exploiter la bibliothèque FastCGI" 🎙 - Shiro 📆 - 03/06 18h30 📍 - Bloom Pop 34 Rue des Munitionnettes, Rennes https://t.co/kKem1iGRJz

    @dcgparis

    27 May 2025

    469 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  2. FastCGI Library の脆弱性 CVE-2025-23016 が FIX:ヒープ・オーバーフローの恐れ https://t.co/vWvRDcPKOP この脆弱性 CVE-2025-23016 を NVD で調べてみたところ、 CVSS 値 9.3 (MITRE 評価)とされていました。すでに PoC

    @iototsecnews

    12 May 2025

    113 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Patch Ubuntu NOW! 🚨 CVE-2025-23016 in FastCGI (libfcgi) exposes servers to RCE & crashes. Affects: ✅ 22.04 LTS ✅ 24.04 LTS ✅ 25.04 Fix: sudo apt upgrade libfcgi 👉 https://t.co/avGC5h7DfM #LinuxSecurity #Ubuntu https://t.co/fNJXUrEIRz

    @Cezar_H_Linux

    7 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Critical FastCGI Vulnerability (#CVE-2025-23016) Exposes Embedded Devices to Remote Code Execution https://t.co/tkED5EvqPG

    @UndercodeNews

    28 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ Vulnerability Alert: FastCGI Heap Overflow Vulnerability 📅 Timeline: Disclosure: 2025-01-10, Patch: 2025-04-24 🆔 CVE: CVE-2025-23016 📊 Base Score: 9.4 (Critical 🔴) 📏 CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 📈 EPSS Percentile: 4.85% 🛠

    @syedaquib77

    28 Apr 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  6. CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases https://t.co/MQK69VnH5y

    @the_yellow_fall

    28 Apr 2025

    1812 Impressions

    14 Retweets

    48 Likes

    23 Bookmarks

    0 Replies

    0 Quotes

  7. FastCGIライブラリに存在する重大な脆弱性(CVE-2025-23016)が報告された。この脆弱性はパラメータ長の不適切な処理に起因し、ヒープオーバーフローを引き起こす可能性がある。 特にカメラや組込み機器などの

    @yousukezan

    28 Apr 2025

    2595 Impressions

    9 Retweets

    20 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2025-23016 (CVSS:9.3, CRITICAL) is Awaiting Analysis. FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafte..https://t.co/yI8EQ6nnJB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    15 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE Alert: CVE-2025-23016 - https://t.co/jvPS530fTg #OSINT #ThreatIntel #CyberSecurity #cve_2025_23016

    @RedPacketSec

    11 Jan 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-23016 Integer Overflow Leading to Heap Buffer Overflow in FastCGI 2.4.4 FastCGI fcgi2 (version 2.x up to 2.4.4) has an integer overflow vulnerability. This leads to a heap-based buffer overflow. The issu... https://t.co/BgKzFkU0BP

    @VulmonFeeds

    10 Jan 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. New post from https://t.co/uXvPWJy6tj (CVE-2025-23016 | FastCGI fcgi2 up to 2.4.4 fcgiapp.c nameLen/valueLen integer overflow (Issue 67)) has been published on https://t.co/GP4T7hTBYr

    @WolfgangSesin

    10 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2025-23016: CRITICAL] FastCGI fcgi2 2.x through 2.4.4 has a critical vulnerability allowing an overflow attack via manipulated values in data to the IPC socket. #cybersecurity#cybersecurity,#vulnerability https://t.co/7BDS4JMCbS https://t.co/ooLq6ZaHuh

    @CveFindCom

    10 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IP… https://t.co/65YDTcNLq7

    @CVEnew

    10 Jan 2025

    450 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes