What is CVE-2010-3872?

CVE-2010-3872 is a high-severity vulnerability in Apache Mod_fcgid, classified under Stack-based Buffer Overflow. CVSS score: 7.5/10. Published 2010-11-22.

How severe is CVE-2010-3872?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Apache Mod_fcgid

CVE-2010-3872

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application cr…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Apache Mod_fcgid — versions 2.3.2, 2.3.3, 2.3.4
Fedora
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
N/a Mod_fcgid — versions 2.3.6

Weakness classification (CWE)

References

FEDORA-2010-17474 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2010-17434 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2010-17472 (x_refsource_FEDORA, vendor-advisory)
openSUSE-SU-2011:0884 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2011:0885 (vendor-advisory, x_refsource_SUSE)
69275 (x_refsource_OSVDB, vdb-entry)
42288 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
42302 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
42815 (x_refsource_SECUNIA, third-party-advisory)
DSA-2140 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2010-3872?: CVE-2010-3872 is a high-severity vulnerability in Apache Mod_fcgid, classified under Stack-based Buffer Overflow. CVSS score: 7.5/10. Published 2010-11-22.
How severe is CVE-2010-3872?: High severity. CVSS v3 base score is 7.5 out of 10.