QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1027

Published: Mar 20, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2011-2803

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_OSVDB

FEDORA-2011-2790

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

[oss-security] 20110307 cgit convert_query_hexchar infinite loop (CVE-2011-1027)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

FEDORA-2011-2815

vendor-advisory

x_refsource_FEDORA

cgit-convertqueryhexchar-dos(65919)

vdb-entry

x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=680905

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[git] 20110305 [ANNOUNCE] CGIT 0.8.3.5

mailing-list

x_refsource_MLIST

http://hjemli.net/git/cgit/commit/?h=stable&id=fc384b16fb9787380746000d3cea2d53fccc548e

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.