FCGI-0.74

Security Advisories (1)

CVE-2025-40907 (2025-05-16)

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

http://www.openwall.com/lists/oss-security/2025/04/23/4
https://github.com/FastCGI-Archives/fcgi2/issues/67
https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5
https://github.com/perl-catalyst/FCGI/issues/14
https://patch-diff.githubusercontent.com/raw/FastCGI-Archives/fcgi2/pull/74.patch
https://www.synacktiv.com/en/publications/cve-2025-23016-exploiting-the-fastcgi-library

Changes for version 0.74

o Stop leaking information across requests when using the deprecated and undocumented old FCGI interface. This is CVE-2011-2766. o Only discard input stream if FCGI_KEEP_CONN is set in FCGI_BeginRequestBody flags.

Documentation

FCGI

Fast CGI module

Provides

FCGI

in version.pm

Other files

ChangeLog
MANIFEST
META.json
META.yml
Makefile.PL
README

To install FCGI, copy and paste the appropriate command in to your terminal.

cpanm

cpanm FCGI

CPAN shell

perl -MCPAN -e shell
install FCGI

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.74

Documentation

Provides

Other files

Module Install Instructions