CVE-2011-1027
First published: Mon Feb 28 2011(Updated: )
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lars Hjemli Cgit | =0.7.1 | |
| Lars Hjemli Cgit | =0.8.3.1 | |
| Lars Hjemli Cgit | =0.6.1 | |
| Lars Hjemli Cgit | =0.6 | |
| Lars Hjemli Cgit | =0.8 | |
| Lars Hjemli Cgit | =0.3 | |
| Lars Hjemli Cgit | =0.5 | |
| Lars Hjemli Cgit | =0.8.1.1 | |
| Lars Hjemli Cgit | =0.2 | |
| Lars Hjemli Cgit | =0.8.3.2 | |
| Lars Hjemli Cgit | =0.8.3 | |
| Lars Hjemli Cgit | =0.1 | |
| Lars Hjemli Cgit | =0.6.2 | |
| Lars Hjemli Cgit | =0.8.2.2 | |
| Lars Hjemli Cgit | =0.7.2 | |
| Lars Hjemli Cgit | =0.4 | |
| Lars Hjemli Cgit | =0.8.2 | |
| Lars Hjemli Cgit | =0.8.1 | |
| Lars Hjemli Cgit | =0.8.3.3 | |
| Lars Hjemli Cgit | <=0.8.3.4 | |
| Lars Hjemli Cgit | =0.8.2.1 | |
| Lars Hjemli Cgit | =0.7 | |
| Lars Hjemli Cgit | =0.6.3 | |
| Fedoraproject Fedora | =13 | |
| Fedoraproject Fedora | =14 | |
| Fedoraproject Fedora | =15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://article.gmane.org/gmane.comp.version-control.git/168493
- http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html
- http://openwall.com/lists/oss-security/2011/03/07/3
- http://secunia.com/advisories/43633
- http://secunia.com/advisories/43788
- http://www.osvdb.org/71005
- http://www.securityfocus.com/bid/46756
- http://www.vupen.com/english/advisories/2011/0667
- https://bugzilla.redhat.com/show_bug.cgi?id=680905
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65919
- http://git.gnome.org/browse/gdlmm/commit/?id=%gg
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=481360&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=481360&action=edit
- https://access.redhat.com/security/cve/CVE-2011-1027
- http://hjemli.net/git/cgit/commit/?id=fc384b16fb9787380746000d3cea2d53fccc548e
- http://thread.gmane.org/gmane.comp.version-control.git/168493
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1027
- agent/tags
- agent/remedy
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/lars hjemli
- canonical/lars hjemli cgit
- version/lars hjemli cgit/0.7.1
- version/lars hjemli cgit/0.8.3.1
- version/lars hjemli cgit/0.6.1
- version/lars hjemli cgit/0.6
- version/lars hjemli cgit/0.8
- version/lars hjemli cgit/0.3
- version/lars hjemli cgit/0.5
- version/lars hjemli cgit/0.8.1.1
- version/lars hjemli cgit/0.2
- version/lars hjemli cgit/0.8.3.2
- version/lars hjemli cgit/0.8.3
- version/lars hjemli cgit/0.1
- version/lars hjemli cgit/0.6.2
- version/lars hjemli cgit/0.8.2.2
- version/lars hjemli cgit/0.7.2
- version/lars hjemli cgit/0.4
- version/lars hjemli cgit/0.8.2
- version/lars hjemli cgit/0.8.1
- version/lars hjemli cgit/0.8.3.3
- version/lars hjemli cgit/0.8.3.4
- version/lars hjemli cgit/0.8.2.1
- version/lars hjemli cgit/0.7
- version/lars hjemli cgit/0.6.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/13
- version/fedoraproject fedora/14
- version/fedoraproject fedora/15