{"id":"AZL-61905","summary":"CVE-2025-40907 affecting package perl-FCGI 0.79-4","details":"FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.\n\nThe included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.","modified":"2026-04-21T04:31:52.988877Z","published":"2025-05-16T13:15:52Z","upstream":["CVE-2025-40907"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40907"}],"affected":[{"package":{"name":"perl-FCGI","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/perl-FCGI"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.79-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61905.json"}}],"schema_version":"1.7.5"}