fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams

[email protected] reports: FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

CVE-2025-23016

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

CLSA-2025-1736284126 haproxy: Fix of CVE-2023-0836

CVE-2023-0836: Fix information leak vulnerability in connection buffer by initializing 5 bytes in FCGIBEGINREQUEST record encoding...

PT-2025-4768

Name of the Vulnerable Software and Affected Versions FastCGI fcgi2 versions 2.x through 2.4.4 Description The issue is related to an integer overflow and a resultant heap-based buffer overflow in the FastCGI library, specifically in the ReadParams function in fcgiapp.c. This occurs when crafted...

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

The vulnerability of the OpenBSD operating system, related to the handling of the NULL pointer pointer during the processing of improperly formed fastcgi requests, allows a hacker to cause a service failure.

The vulnerability of the OpenBSD operating system is related to the handling of the NULL pointer pointer when processing improperly formed fastcgi requests. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVE-2024-11148

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...

CVE-2024-11148

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...

CVE-2024-11148

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...

CVE-2024-11148 OpenBSD httpd(8) null dereference

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...

CVE-2024-11148

CVE-2024-11148 affects OpenBSD 7.3 before errata 020 and OpenBSD 7.4 before errata 006, where httpd(8) is vulnerable to a NULL dereference when processing malformed FastCGI requests. The underlying issue is a null dereference in the HTTP server’s FastCGI handling path, leading to denial of servic...

CVE-2024-11148 OpenBSD httpd(8) null dereference

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd8 is vulnerable to a NULL dereference when handling a malformed fastcgi request...

OpenBSD 安全漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD organization. A security vulnerability exists in OpenBSD versions prior to OpenBSD 7.4 errata 006 and OpenBSD versions prior to OpenBSD 7.3 errata 020, which stems from a NULL dereference in httpd8 when...

PHP-FPM logs from children may be altered

...

Security update for php7

This update for php7 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

Exploit for OS Command Injection in Php

CVE-2024-4577-PHP-RCE Project Overview and Mechanism - Th...

OPENSUSE-SU-2024:10387-1 FastCGI-2.4.0-171.10 on GA media

These are all security issues fixed in the FastCGI-2.4.0-171.10 package on the GA media of openSUSE Tumbleweed...

BIT-TYPO3-2023-24814

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In...