CVE-2011-1027

Lars Hjemli Cgit < 0.8.3.4 - Denial of Service

Title source: rule

Description

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

References (13)

[Mailing List, Patch] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html

[Broken Link] http://www.osvdb.org/71005

[Mailing List] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46756

[Broken Link] http://www.vupen.com/english/advisories/2011/0667

[Mailing List, Patch, Third Party Advisory] http://openwall.com/lists/oss-security/2011/03/07/3

[Broken Link, Vendor Advisory] http://secunia.com/advisories/43788

[Mailing List, Patch] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65919

[Exploit, Issue Tracking, Patch] https://bugzilla.redhat.com/show_bug.cgi?id=680905

[Broken Link, Vendor Advisory] http://secunia.com/advisories/43633

[Broken Link] http://article.gmane.org/gmane.comp.version-control.git/168493

[Broken Link, Patch] http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e

Scores

EPSS 0.0519

EPSS Percentile 90.0%

Details

CWE

CWE-193

Status published

Products (26)

fedoraproject/fedora 13

fedoraproject/fedora 14

fedoraproject/fedora 15

lars_hjemli/cgit 0.1

lars_hjemli/cgit 0.2

lars_hjemli/cgit 0.3

lars_hjemli/cgit 0.4

lars_hjemli/cgit 0.5

lars_hjemli/cgit 0.6

lars_hjemli/cgit 0.6.1

... and 16 more

Published Mar 20, 2011

Tracked Since Feb 18, 2026