CVE-2013-4365

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
apachemod_fcgid
𝑥
< 2.3.9
debiandebian_linux
6.0
debiandebian_linux
7.0
susecloud
1.0
susecloud
2.0
opensuseopensuse
11.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache2-mod-fcgid
sid
1:2.3.9-4
fixed
trixie
1:2.3.9-4
fixed
bookworm
1:2.3.9-4
fixed
bullseye
1:2.3.9-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache2-mod-fcgid
saucy
Fixed 1:2.3.9-1
released
raring
Fixed 1:2.3.7-0ubuntu2.13.04.1
released
quantal
Fixed 1:2.3.7-0ubuntu2.12.10.1
released
precise
Fixed 1:2.3.6-1.1ubuntu0.1
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
http://secunia.com/advisories/55197
http://svn.apache.org/viewvc?view=revision&revision=1527362
http://www.debian.org/security/2013/dsa-2778
http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
http://www.securityfocus.com/bid/62939
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
http://secunia.com/advisories/55197
http://svn.apache.org/viewvc?view=revision&revision=1527362
http://www.debian.org/security/2013/dsa-2778
http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
http://www.securityfocus.com/bid/62939