CVE Reference: CVE-2012-4465

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-4465

Description:
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA50734

MLIST
  http://www.openwall.com/lists/oss-security/2012/10/03/7
  http://www.openwall.com/lists/oss-security/2012/09/30/1
  http://hjemli.net/pipermail/cgit/2012-July/000652.html

MISC

CONFIRM
  http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec

BID
  55724


Return to the previous page.