{"id":"AZL-55397","summary":"CVE-2025-23016 affecting package fcgi for versions less than 2.4.5-1","details":"FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","modified":"2026-04-21T04:35:53.708986Z","published":"2025-01-10T12:15:25Z","upstream":["CVE-2025-23016"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23016"}],"affected":[{"package":{"name":"fcgi","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/fcgi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.5-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55397.json"}}],"schema_version":"1.7.5"}