Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4465

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-4465
Last Modified 29 Jan 2013 11:54:55
Published 10 Oct 2012 02:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4465

Summary

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

Vulnerable Systems

Application

  • Lars Hjemli Cgit 0.1

  • Lars Hjemli Cgit 0.2

  • Lars Hjemli Cgit 0.3

  • Lars Hjemli Cgit 0.4

  • Lars Hjemli Cgit 0.5

  • Lars Hjemli Cgit 0.6

  • Lars Hjemli Cgit 0.6.1

  • Lars Hjemli Cgit 0.6.2

  • Lars Hjemli Cgit 0.6.3

  • Lars Hjemli Cgit 0.7

  • Lars Hjemli Cgit 0.7.1

  • Lars Hjemli Cgit 0.7.2

  • Lars Hjemli Cgit 0.8

  • Lars Hjemli Cgit 0.8.1

  • Lars Hjemli Cgit 0.8.1.1

  • Lars Hjemli Cgit 0.8.2

  • Lars Hjemli Cgit 0.8.2.1

  • Lars Hjemli Cgit 0.8.2.2

  • Lars Hjemli Cgit 0.8.3

  • Lars Hjemli Cgit 0.8.3.1

  • Lars Hjemli Cgit 0.8.3.2

  • Lars Hjemli Cgit 0.8.3.3

  • Lars Hjemli Cgit 0.8.3.4

  • Lars Hjemli Cgit 0.8.3.5

  • Lars Hjemli Cgit 0.9

  • Lars Hjemli Cgit 0.9.0.1

  • Lars Hjemli Cgit 0.9.0.2

  • Lars Hjemli Cgit 0.9.0.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=820733

MLIST - [oss-security] 20121003 Re: cgit: heap buffer overflow

MLIST - [oss-security] 20120930 cgit: heap buffer overflow

SECUNIA - 50734

MLIST - [cgit] 20120703 avoid stack-smash when processing unusual commit

CONFIRM - http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec

BID - 55724


Last Updated: 27 May 2016 11:00:58