CVE-2010-3872
HIGH
mod_fcgid - Stack-based Buffer Overflow in fcgid_header_bucket_read
Title source: llm
Description
A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.
References (20)
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69275
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42288
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42302
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42815
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2140
Various Sources mailing-list
x_refsource_mlist
http://www.gossamer-threads.com/lists/apache/announce/391406
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44900
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2997
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2998
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0031
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2010-3872
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2248172
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/63303
Patch x_refsource_confirm
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
Scores
CVSS v3
7.5
EPSS
0.0094
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-121
CWE-189
Status
published
Products (10)
apache/mod_fcgid
2.3.1
apache/mod_fcgid
2.3.2
apache/mod_fcgid
2.3.3
apache/mod_fcgid
2.3.4
apache/mod_fcgid
< 2.3.5
Fedora/Fedora
n/a/mod_fcgid
2.3.6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Published
Nov 22, 2010
Tracked Since
Feb 18, 2026