CVE-2010-3872

CWE-121Stack-based Buffer OverflowCWE-1897 documents7 sources
Severity
7.5HIGH
EPSS
0.9%
top 23.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache MOD Fcgid
Timeline
PublishedNov 22
Latest updateMay 17

Description

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianlibapache2-mod-fcgid< 1:2.3.6-1+3
NVDapache/mod_fcgid2.3.5+4

Patches

Patch: issues.apache.orgPatch: issues.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-ff73-846q-p888: The fcgid_header_bucket_read function in fcgid_bucket2022-05-17
OSV
CVE-2010-3872: A flaw was found in the mod_fcgid module of httpd2010-11-22
CVEList
Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c2010-11-20

💥Exploits & PoCs

1
Exploit-DB
HP OpenView - Operations OVTrace Buffer Overflow (Metasploit)2010-06-22

📋Vendor Advisories

2
Red Hat
httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c2010-06-08
Debian
CVE-2010-3872: libapache2-mod-fcgid - A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response ...2010
CVE-2010-3872 (HIGH CVSS 7.5) | A flaw was found in the mod_fcgid m | cvebase.io