CVE-2010-3872

Published: 22 November 2010

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Priority

Status

Package	Release	Status
libapache2-mod-fcgid Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Released (1:2.2-1ubuntu0.8.04.1)
	karmic	Released (1:2.2-1ubuntu0.9.10.1)
	lucid	Released (1:2.3.4-2ubuntu0.2)
	maverick	Released (1:2.3.5-2ubuntu0.1)
	upstream	Released (2.3.6)
	Patches: upstream: https://svn.apache.org/viewvc?view=revision&revision=1030894

References

https://www.cve.org/CVERecord?id=CVE-2010-3872
NVD
Launchpad
Debian

Bugs

https://issues.apache.org/bugzilla/show_bug.cgi?id=49406

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›