CVE-2010-3872

Published: Nov 22, 2010Modified: Apr 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Affected (5)

Products: Apache: Mod Fcgid

Apache

1 product

Mod Fcgid

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apache Mod Fcgid	Up to 2.3.5
Apache Mod Fcgid	Version 2.3.1
Apache Mod Fcgid	Version 2.3.2
Apache Mod Fcgid	Version 2.3.3
Apache Mod Fcgid	Version 2.3.4

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-189

References (40)

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html

Source: secalert@redhat.com

http://osvdb.org/69275

Source: secalert@redhat.com

http://secunia.com/advisories/42288

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/42302

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/42815

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-2140

Source: secalert@redhat.com

http://www.gossamer-threads.com/lists/apache/announce/391406

Source: secalert@redhat.com

http://www.securityfocus.com/bid/44900

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/2997

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2998

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0031

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2010-3872

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248172

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/63303

Source: secalert@redhat.com

https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2

Source: secalert@redhat.com

https://issues.apache.org/bugzilla/show_bug.cgi?id=49406

Source: secalert@redhat.com

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html