Buffer overflow in Apache Http_server
CVE-2013-4365
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Vulnerability class: Buffer Overflow
EPSS: 0.067 (91.4th percentile) — read the EPSS interpretation.
Affected products
- Apache Http_server
- Apache Mod_fcgid
- Debian Debian_linux — versions 6.0, 7.0
- Opensuse — versions 11.4, 12.2, 12.3
- Suse Cloud — versions 1.0, 2.0
- Suse Linux_enterprise_software_development_kit — versions 11
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 55197 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- openSUSE-SU-2013:1613 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2013:1609 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- DSA-2778 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 62939 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- openSUSE-SU-2013:1664 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- SUSE-SU-2013:1667 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- [dev] 20131008 [ANNOUNCE] mod_fcgid 2.3.9 released (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2013-4365?
- CVE-2013-4365 is a vulnerability in Apache Http_server, classified under Out-of-bounds Write. Published 2013-10-17.
- Is CVE-2013-4365 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.