{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T07:06:47.917","vulnerabilities":[{"cve":{"id":"CVE-2025-23016","sourceIdentifier":"cve@mitre.org","published":"2025-01-10T12:15:25.480","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c."},{"lang":"es","value":"FastCGI fcgi2 (también conocido como fcgi) 2.x a 2.4.4 tiene un desbordamiento de enteros (y el desbordamiento de búfer basado en el montón resultante) a través de valores nameLen o valueLen manipulados en los datos del socket IPC. Esto ocurre en ReadParams en fcgiapp.c."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://github.com/FastCGI-Archives/fcgi2/issues/67","source":"cve@mitre.org"},{"url":"https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5","source":"cve@mitre.org"},{"url":"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2025/04/23/4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}