CVE-2025-23016

CRITICAL Year: 2025
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-190
View all →

Vulnerability Description

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Related Vulnerabilities

CVE-2015-2310

CRITICAL
CVSS:9.1(Critical)

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory vi...

CWE-1902015

CVE-2017-2782

CRITICAL
CVSS:9.1(Critical)

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, le...

CWE-1902017

CVE-2019-16127

CRITICAL
CVSS:9.1(Critical)

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

CWE-1902019

CVE-2020-36242

CRITICAL
CVSS:9.1(Critical)

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated...

CWE-1902020

CVE-2021-32714

CRITICAL
CVSS:9.1(Critical)

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This ...

CWE-1902021

CVE-2021-3402

CRITICAL
CVSS:9.1(Critical)

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure vi...

CWE-1902021