CVE-2013-4365

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
apachemod_fcgid
𝑥
< 2.3.9
debiandebian_linux
6.0
debiandebian_linux
7.0
susecloud
1.0
susecloud
2.0
opensuseopensuse
11.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache2-mod-fcgid
bookworm
1:2.3.9-4
fixed
bullseye
1:2.3.9-4
fixed
sid
1:2.3.9-4
fixed
trixie
1:2.3.9-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache2-mod-fcgid
lucid
ignored
precise
Fixed 1:2.3.6-1.1ubuntu0.1
released
quantal
Fixed 1:2.3.7-0ubuntu2.12.10.1
released
raring
Fixed 1:2.3.7-0ubuntu2.13.04.1
released
saucy
Fixed 1:2.3.9-1
released
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
mod24_fcgid
Amazon Linux 1
0:2.3.9-1.7.amzn1
fixed
mod24_fcgid-debuginfo
Amazon Linux 1
0:2.3.9-1.7.amzn1
fixed
mod_fcgid
Amazon Linux 1
0:2.3.9-1.6.amzn1
fixed
mod_fcgid-debuginfo
Amazon Linux 1
0:2.3.9-1.6.amzn1
fixed