CVE-2016-1901

moderate-risk
Published 2016-01-20

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

Do I need to act?

~
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 4458abf64172a62b92810c2293450106e6dfc763
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Cgit

Affected Vendors

Cgit Project Fedoraproject

References (18)

http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.ht...
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.ht...
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
Patch http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
http://www.debian.org/security/2016/dsa-3545
Exploit http://www.openwall.com/lists/oss-security/2016/01/14/3
Patch http://www.openwall.com/lists/oss-security/2016/01/14/6
http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.ht...
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.ht...
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
Patch http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
http://www.debian.org/security/2016/dsa-3545
Exploit http://www.openwall.com/lists/oss-security/2016/01/14/3
Patch http://www.openwall.com/lists/oss-security/2016/01/14/6
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 7/34 · Low