5

CVE-2011-1027

Exploit
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lars HjemliCgit Version <= 0.8.3.4
Lars HjemliCgit Version0.1
Lars HjemliCgit Version0.2
Lars HjemliCgit Version0.3
Lars HjemliCgit Version0.4
Lars HjemliCgit Version0.5
Lars HjemliCgit Version0.6
Lars HjemliCgit Version0.6.1
Lars HjemliCgit Version0.6.2
Lars HjemliCgit Version0.6.3
Lars HjemliCgit Version0.7
Lars HjemliCgit Version0.7.1
Lars HjemliCgit Version0.7.2
Lars HjemliCgit Version0.8
Lars HjemliCgit Version0.8.1
Lars HjemliCgit Version0.8.1.1
Lars HjemliCgit Version0.8.2
Lars HjemliCgit Version0.8.2.1
Lars HjemliCgit Version0.8.2.2
Lars HjemliCgit Version0.8.3
Lars HjemliCgit Version0.8.3.1
Lars HjemliCgit Version0.8.3.2
Lars HjemliCgit Version0.8.3.3
FedoraprojectFedora Version13
FedoraprojectFedora Version14
FedoraprojectFedora Version15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.75% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

http://article.gmane.org/gmane.comp.version-control.git/168493
Broken Link
http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e
Patch
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html
Patch
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html
Patch
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html
Mailing List
http://openwall.com/lists/oss-security/2011/03/07/3
Patch
Third Party Advisory
Mailing List
http://secunia.com/advisories/43633
Vendor Advisory
Broken Link
http://secunia.com/advisories/43788
Vendor Advisory
Broken Link
http://www.osvdb.org/71005
Broken Link
http://www.securityfocus.com/bid/46756
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2011/0667
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=680905
Patch
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/65919
Third Party Advisory
VDB Entry