AZL-61905

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61905.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-61905

Upstream

CVE-2025-40907

Published

2025-05-16T13:15:52Z

Modified

2026-04-21T04:31:52.988877Z

Summary

CVE-2025-40907 affecting package perl-FCGI 0.79-4

Details

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.

The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40907

Affected packages

Azure Linux:2 / perl-FCGI

Package

Name: perl-FCGI
Purl: pkg:rpm/azure-linux/perl-FCGI

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.79-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61905.json"