diff --git a/CHANGES-FCGID b/CHANGES-FCGID
index 06dfde4..90ed060 100644
--- a/CHANGES-FCGID
+++ b/CHANGES-FCGID
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with mod_fcgid 2.3.6
+ *) SECURITY: CVE-2010-3872 (cve.mitre.org)
+ Fix possible stack buffer overwrite. Diagnosed by the reporter.
+ PR 49406. [Edgar Frank ]
+
 *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
 Administrators should change this to an appropriate value based on site
 requirements. [Jeff Trawick]
diff --git a/modules/fcgid/fcgid_bucket.c b/modules/fcgid/fcgid_bucket.c
index 9f3d55d..7313f29 100644
--- a/modules/fcgid/fcgid_bucket.c
+++ b/modules/fcgid/fcgid_bucket.c
@@ -96,7 +96,7 @@ static apr_status_t fcgid_header_bucket_read(apr_bucket * b,
 /* Initialize header */
 putsize = fcgid_min(bufferlen, sizeof(header) - hasread);
- memcpy(&header + hasread, buffer, putsize);
+ memcpy((apr_byte_t *)&header + hasread, buffer, putsize);
 hasread += putsize;
 /* Ignore the bytes that have read */
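Review bot: The cast on the new `memcpy` line carries the whole fix, but nothing in the code says why it is there, so a later cleanup could drop it as redundant and bring the stack overwrite back. Without the cast, `&header + hasread` is scaled by `sizeof(header)`, so any nonzero `hasread` puts the destination outside the `header` object; I would add above the call `/* byte offset into header: plain &header + hasread steps in whole headers and writes past it */`. The `putsize` bound `sizeof(header) - hasread` is only correct while `hasread` stays below `sizeof(header)`, which the enclosing loop condition presumably guarantees, but that condition is outside this hunk and worth confirming. The body of `fcgid_header_bucket_read` starts and ends outside the hunk.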