CVE-2005-3254
CVE-2005-3254 is a critical-severity vulnerability in Nathan Neulinger Cgiwrap with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Nathan Neulinger Cgiwrap
- Published:
- Last modified:
Description
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
Frequently asked questions
- What is CVE-2005-3254?
- The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
- How severe is CVE-2005-3254?
- CVE-2005-3254 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2005-3254 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-3254?
- CVE-2005-3254 primarily affects Nathan Neulinger Cgiwrap. In total, 29 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-3254?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2005-3254 published?
- CVE-2005-3254 was published on 2005-10-18 and last updated on 2026-06-16.
References
Affected products (29)
- cpe:2.3:a:nathan_neulinger:cgiwrap:1.0:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.0:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.1:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.2:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.3:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.4:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.5:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.6:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:2.7:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.0:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.1:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.2:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.3:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.4:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.5:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.1:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.2:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.3:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.4:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.6.5:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.7:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.7.1:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.8:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.11:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.21:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.22:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.23:*:debian_gnu_linux:*:*:*:*:*
- cpe:2.3:a:nathan_neulinger:cgiwrap:3.24:*:debian_gnu_linux:*:*:*:*:*
More vulnerabilities in Nathan Neulinger Cgiwrap
- CVE-2001-0987 — High (CVSS 7.5): Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on…
- CVE-2006-0767 — Medium (CVSS 5.0): CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause…
- CVE-2008-2852 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows…