CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
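| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| redhat | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |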
EPSS Score Percentile: 86%
| Vendor | Product | Version |
|---|---|---|
| lars_hjemli | cgit | 𝑥 ≤ 0.9.0.3 |
| lars_hjemli | cgit | 0.1 |
| lars_hjemli | cgit | 0.2 |
| lars_hjemli | cgit | 0.3 |
| lars_hjemli | cgit | 0.4 |
| lars_hjemli | cgit | 0.5 |
| lars_hjemli | cgit | 0.6 |
| lars_hjemli | cgit | 0.6.1 |
| lars_hjemli | cgit | 0.6.2 |
| lars_hjemli | cgit | 0.6.3 |
| lars_hjemli | cgit | 0.7 |
| lars_hjemli | cgit | 0.7.1 |
| lars_hjemli | cgit | 0.7.2 |
| lars_hjemli | cgit | 0.8 |
| lars_hjemli | cgit | 0.8.1 |
| lars_hjemli | cgit | 0.8.1.1 |
| lars_hjemli | cgit | 0.8.2 |
| lars_hjemli | cgit | 0.8.2.1 |
| lars_hjemli | cgit | 0.8.2.2 |
| lars_hjemli | cgit | 0.8.3 |
| lars_hjemli | cgit | 0.8.3.1 |
| lars_hjemli | cgit | 0.8.3.2 |
| lars_hjemli | cgit | 0.8.3.3 |
| lars_hjemli | cgit | 0.8.3.4 |
| lars_hjemli | cgit | 0.8.3.5 |
| lars_hjemli | cgit | 0.9 |
| lars_hjemli | cgit | 0.9.0.1 |
| lars_hjemli | cgit | 0.9.0.2 |

𝑥 = Vulnerable software versions
Debian Releases
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| cgit | bullseye | 1.2.3+git2.25.1-1 | fixed |
| cgit | bookworm | 1.2.3+git20221219.50.91f2590+git2.39.1-1 | fixed |
| cgit | sid | 1.2.3+git20240802.70.09d24d7+git2.46.0-1 | fixed |
| cgit | trixie | 1.2.3+git20240802.70.09d24d7+git2.46.0-1 | fixed |