CVE-2010-3872

Name: CVE-2010-3872
Description: The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2140-1
Debian Bugs: 605484

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libapache2-mod-fcgid (PTS) | trixie, sid, buster, bookworm, bullseye | 1:2.3.9-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libapache2-mod-fcgid | source | lenny | 1:2.2-1+lenny1 | | DSA-2140-1 | |
| libapache2-mod-fcgid | source | (unstable) | 1:2.3.6-1 | | | 605484 |
