Debian Libfcgi-Perl vulnerabilities

CVE-2025-40907 [CRITICAL] CVE-2025-40907: libfcgi-perl - FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the F... FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. Scope: lo

CVE-2012-6687 [MEDIUM] CVE-2012-6687: libfcgi - FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial o... FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. Scope: local bookworm: resolved (fixed in 2.4.0-8.3) bullseye: resolved (fixed in 2.4.0-8.3) forky: resolved (fixed in 2.4.0-8.3) sid: resolved (fixed in 2.4.0-8.3) trixie: resolved (fixed in 2.4.0-8.3)

CVE-2011-2766 [HIGH] CVE-2011-2766: libfcgi-perl - The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast,... The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. Scope: local bookworm: resolved (fixed in 0.73-2) bullseye: resolved (fixed in 0.73-2) forky: resolved (fixed in 0.