CVE-2011-1027

cgit < 0.8.3.5 - Denial of Service via Invalid Hex Character Sequence

Title source: llm
STIX 2.1

Description

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

References (13)

Core 13
Core References
Mailing List, Patch vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/71005
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46756
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0667
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/07/3
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43788
Mailing List, Patch vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65919
Exploit, Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=680905
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43633
Broken Link mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.version-control.git/168493

Scores

EPSS 0.0375
EPSS Percentile 88.4%

Details

CWE
CWE-193
Status published
Products (26)
fedoraproject/fedora 13
fedoraproject/fedora 14
fedoraproject/fedora 15
lars_hjemli/cgit 0.1
lars_hjemli/cgit 0.2
lars_hjemli/cgit 0.3
lars_hjemli/cgit 0.4
lars_hjemli/cgit 0.5
lars_hjemli/cgit 0.6
lars_hjemli/cgit 0.6.1
... and 16 more
Published Mar 20, 2011
Tracked Since Feb 18, 2026