CVE-2016-1901

Published: 20 January 2016

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: cgit (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (0.11.2.git2.3.2-1.1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (0.11.2.git2.3.2-1.1)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (0.11.2.git2.3.2-1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763