CVE-2013-4365

EUVD-2013-4248
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
apachemod_fcgid
𝑥
< 2.3.9
debiandebian_linux
6.0
debiandebian_linux
7.0
susecloud
1.0
susecloud
2.0
opensuseopensuse
11.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache2-mod-fcgid
bookworm
1:2.3.9-4
fixed
bullseye
1:2.3.9-4
fixed
sid
1:2.3.9-4
fixed
trixie
1:2.3.9-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache2-mod-fcgid
lucid
ignored
precise
Fixed 1:2.3.6-1.1ubuntu0.1
released
quantal
Fixed 1:2.3.7-0ubuntu2.12.10.1
released
raring
Fixed 1:2.3.7-0ubuntu2.13.04.1
released
saucy
Fixed 1:2.3.9-1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
http://secunia.com/advisories/55197
http://svn.apache.org/viewvc?view=revision&revision=1527362
http://www.debian.org/security/2013/dsa-2778
http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
http://www.securityfocus.com/bid/62939
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
http://secunia.com/advisories/55197
http://svn.apache.org/viewvc?view=revision&revision=1527362
http://www.debian.org/security/2013/dsa-2778
http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
http://www.securityfocus.com/bid/62939