CVE-2012-6687 — Improper Input Validation in Libfcgi

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

25.5%

top 3.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libfcgi Debian Libfcgi-perl Fastcgi Fcgi +20 more

Timeline

PublishedFeb 19

Latest updateJun 11

Description

FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages23 packages

▶debiandebian/libfcgi< libfcgi 2.4.0-8.3 (bookworm)

▶debiandebian/libfcgi-perl< libfcgi 2.4.0-8.3 (bookworm)

▶NVDfastcgi/fcgi2.4.0

▶msrcmsrc/fcgi-2.4.0-7.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64

▶msrcmsrc/fcgi-2.4.0-7.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64

🔴Vulnerability Details

GHSA

GHSA-v5rv-9c87-6gww: FastCGI (aka fcgi and libfcgi) 2↗2022-05-17

▶

OSV

CVE-2012-6687: FastCGI (aka fcgi and libfcgi) 2↗2015-02-19

▶

📋Vendor Advisories

Microsoft

CVE-2012-6687: Mariner: Mariner cve@mitre↗2024-06-11

▶

Red Hat

fcgi: numerous connections cause segfault DoS↗2012-07-14

▶

Debian

CVE-2012-6687: libfcgi - FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial o...↗2012

▶

💬Community

Bugzilla

CVE-2012-6687 fcgi: numerous connections cause segfault DoS↗2015-02-06

▶