AI description
CVE-2025-23016 affects FastCGI fcgi2 (aka fcgi) versions 2.x through 2.4.4. It involves an integer overflow vulnerability within the `ReadParams` function in `fcgiapp.c`. This overflow occurs when processing `nameLen` or `valueLen` values from data sent to the IPC socket. The integer overflow can lead to a heap-based buffer overflow. Specifically, the overflow happens during the calculation of `nameLen + valueLen`, potentially resulting in a smaller-than-required buffer being allocated.
- Description
- FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-190
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
13
🚨 Critical FastCGI Vulnerability (#CVE-2025-23016) Exposes Embedded Devices to Remote Code Execution https://t.co/tkED5EvqPG
@UndercodeNews
28 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: FastCGI Heap Overflow Vulnerability 📅 Timeline: Disclosure: 2025-01-10, Patch: 2025-04-24 🆔 CVE: CVE-2025-23016 📊 Base Score: 9.4 (Critical 🔴) 📏 CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 📈 EPSS Percentile: 4.85% 🛠
@syedaquib77
28 Apr 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases https://t.co/MQK69VnH5y
@the_yellow_fall
28 Apr 2025
1812 Impressions
14 Retweets
48 Likes
23 Bookmarks
0 Replies
0 Quotes
FastCGIライブラリに存在する重大な脆弱性(CVE-2025-23016)が報告された。この脆弱性はパラメータ長の不適切な処理に起因し、ヒープオーバーフローを引き起こす可能性がある。 特にカメラや組込み機器などの
@yousukezan
28 Apr 2025
2595 Impressions
9 Retweets
20 Likes
3 Bookmarks
1 Reply
0 Quotes
CVE-2025-23016 (CVSS:9.3, CRITICAL) is Awaiting Analysis. FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafte..https://t.co/yI8EQ6nnJB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
15 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-23016 - https://t.co/jvPS530fTg #OSINT #ThreatIntel #CyberSecurity #cve_2025_23016
@RedPacketSec
11 Jan 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23016 Integer Overflow Leading to Heap Buffer Overflow in FastCGI 2.4.4 FastCGI fcgi2 (version 2.x up to 2.4.4) has an integer overflow vulnerability. This leads to a heap-based buffer overflow. The issu... https://t.co/BgKzFkU0BP
@VulmonFeeds
10 Jan 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-23016 | FastCGI fcgi2 up to 2.4.4 fcgiapp.c nameLen/valueLen integer overflow (Issue 67)) has been published on https://t.co/GP4T7hTBYr
@WolfgangSesin
10 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-23016: CRITICAL] FastCGI fcgi2 2.x through 2.4.4 has a critical vulnerability allowing an overflow attack via manipulated values in data to the IPC socket. #cybersecurity#cybersecurity,#vulnerability https://t.co/7BDS4JMCbS https://t.co/ooLq6ZaHuh
@CveFindCom
10 Jan 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IP… https://t.co/65YDTcNLq7
@CVEnew
10 Jan 2025
450 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes