Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
History
22 Dec 2023, 18:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-193 | |
References | (MLIST) http://article.gmane.org/gmane.comp.version-control.git/168493 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0667 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/43633 - Broken Link, Vendor Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=680905 - Exploit, Issue Tracking, Patch | |
References | (OSVDB) http://www.osvdb.org/71005 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65919 - Third Party Advisory, VDB Entry | |
References | (MLIST) http://openwall.com/lists/oss-security/2011/03/07/3 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e - Broken Link, Patch | |
References | (SECUNIA) http://secunia.com/advisories/43788 - Broken Link, Vendor Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html - Mailing List, Patch | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/46756 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html - Mailing List, Patch | |
CPE | cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* | |
First Time | Fedoraproject fedora, Fedoraproject | |
Information
Published : 2011-03-20 02:00
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1027
Mitre link : CVE-2011-1027
CVE.ORG link : CVE-2011-1027
Products Affected
fedoraproject
- fedora
lars_hjemli
- cgit
CWE
CWE-193
Off-by-one Error