{"containers":{"cna":{"title":"Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash."}],"affected":[{"product":"mod_fcgid","vendor":"n/a","versions":[{"version":"2.3.6","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mod_fcgid","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mod_fcgid","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mod_fcgid","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"product":"Fedora","vendor":"Fedora","collectionURL":"https://packages.fedoraproject.org/","packageName":"mod_fcgid","defaultStatus":"unaffected"}],"references":[{"name":"FEDORA-2010-17474","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html"},{"name":"FEDORA-2010-17434","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html"},{"name":"FEDORA-2010-17472","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html"},{"name":"openSUSE-SU-2011:0884","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html"},{"name":"SUSE-SU-2011:0885","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html"},{"name":"69275","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/69275"},{"name":"42288","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/42288"},{"name":"42302","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/42302"},{"name":"42815","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/42815"},{"name":"DSA-2140","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2010/dsa-2140"},{"name":"[apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.gossamer-threads.com/lists/apache/announce/391406"},{"name":"44900","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/44900"},{"name":"ADV-2010-2997","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/2997"},{"name":"ADV-2010-2998","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/2998"},{"name":"ADV-2011-0031","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/0031"},{"url":"https://access.redhat.com/security/cve/CVE-2010-3872","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248172","name":"RHBZ#2248172","tags":["issue-tracking","x_refsource_REDHAT"]},{"name":"apache-fcgid-bo(63303)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/63303"},{"url":"https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=49406"}],"datePublic":"2010-06-08T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-121","description":"Stack-based Buffer Overflow","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-121: Stack-based Buffer Overflow","timeline":[{"lang":"en","time":"2023-10-17T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2010-06-08T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-01-25T05:17:45.315Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T03:26:12.242Z"},"title":"CVE Program Container","references":[{"name":"FEDORA-2010-17474","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html"},{"name":"FEDORA-2010-17434","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html"},{"name":"FEDORA-2010-17472","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html"},{"name":"openSUSE-SU-2011:0884","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html"},{"name":"SUSE-SU-2011:0885","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html"},{"name":"69275","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/69275"},{"name":"42288","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/42288"},{"name":"42302","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/42302"},{"name":"42815","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/42815"},{"name":"DSA-2140","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2010/dsa-2140"},{"name":"[apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.gossamer-threads.com/lists/apache/announce/391406"},{"name":"44900","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/44900"},{"name":"ADV-2010-2997","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/2997"},{"name":"ADV-2010-2998","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/2998"},{"name":"ADV-2011-0031","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/0031"},{"url":"https://access.redhat.com/security/cve/CVE-2010-3872","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248172","name":"RHBZ#2248172","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]},{"name":"apache-fcgid-bo(63303)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/63303"},{"url":"https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2","tags":["x_transferred"]},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=49406"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2010-3872","datePublished":"2010-11-20T20:00:00.000Z","dateReserved":"2010-10-08T00:00:00.000Z","dateUpdated":"2024-08-07T03:26:12.242Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}