CVE-2013-4365

Published: Oct 17, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

Affected (10)

Products: Apache: Mod Fcgid · Debian: Debian Linux · Opensuse: Opensuse · +1 more

Show all products

Apache: Mod Fcgid · Debian: Debian Linux · Opensuse: Opensuse · Suse: Cloud, Linux Enterprise Software Development Kit

1 product

1 product

1 product

2 products

Linux Enterprise Software Development Kit

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apache Mod Fcgid	Before 2.3.9

Running on/with	Platform Versions
Apache Http Server	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3
Suse Cloud	Version 1.0
Suse Cloud	Version 2.0
Suse Linux Enterprise Software Development Kit	Version 11 sp2
Suse Linux Enterprise Software Development Kit	Version 11 sp3

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/55197

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=1527362

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2013/dsa-2778

Source: secalert@redhat.com

Third Party Advisory

http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/62939

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/55197

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=1527362

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.debian.org/security/2013/dsa-2778

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/62939

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.