CVE-2011-1027

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1027
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://article.gmane.org/gmane.comp.version-control.git/168493 Broken Link
http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e Broken Link Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html Mailing List Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html Mailing List Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html Mailing List
http://openwall.com/lists/oss-security/2011/03/07/3 Mailing List Patch Third Party Advisory
http://secunia.com/advisories/43633 Broken Link Vendor Advisory
http://secunia.com/advisories/43788 Broken Link Vendor Advisory
http://www.osvdb.org/71005 Broken Link
http://www.securityfocus.com/bid/46756 Broken Link Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0667 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=680905 Exploit Issue Tracking Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65919 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:lars_hjemli:cgit:*:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
History

22 Dec 2023, 18:50

Type Values Removed Values Added
CWE CWE-189 CWE-193
References (MLIST) http://article.gmane.org/gmane.comp.version-control.git/168493 - (MLIST) http://article.gmane.org/gmane.comp.version-control.git/168493 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2011/0667 - (VUPEN) http://www.vupen.com/english/advisories/2011/0667 - Broken Link
References (SECUNIA) http://secunia.com/advisories/43633 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/43633 - Broken Link, Vendor Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=680905 - Exploit, Patch (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=680905 - Exploit, Issue Tracking, Patch
References (OSVDB) http://www.osvdb.org/71005 - (OSVDB) http://www.osvdb.org/71005 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65919 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65919 - Third Party Advisory, VDB Entry
References (MLIST) http://openwall.com/lists/oss-security/2011/03/07/3 - Patch (MLIST) http://openwall.com/lists/oss-security/2011/03/07/3 - Mailing List, Patch, Third Party Advisory
References (CONFIRM) http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e - Patch (CONFIRM) http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e - Broken Link, Patch
References (SECUNIA) http://secunia.com/advisories/43788 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/43788 - Broken Link, Vendor Advisory
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html - Patch (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html - Mailing List, Patch
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html - Mailing List
References (BID) http://www.securityfocus.com/bid/46756 - Exploit (BID) http://www.securityfocus.com/bid/46756 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html - Patch (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html - Mailing List, Patch
CPE cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
First Time Fedoraproject fedora
Fedoraproject
Information

Published : 2011-03-20 02:00

Updated : 2024-02-28 11:41

NVD link : CVE-2011-1027

Mitre link : CVE-2011-1027

CVE.ORG link : CVE-2011-1027

JSON object : View

Products Affected

fedoraproject

  • fedora

lars_hjemli

  • cgit
CWE
CWE-193

Off-by-one Error


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024