CVE-2012-4465 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-4465 PUBLISHED CVSS 6.5 MEDIUM

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

EPSS 3.46% · 87.4th percentile

Risk Scores

CVSS v2.0

6.5

EPSS Score

3.46%

87.4th percentile

Affected Products

Vendor	Product	Versions
lars_hjemli	cgit	0.9.0.2, 0, 0.1
n/a	n/a	n/a

Timeline

Oct 10, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

[oss-security] 20120930 cgit: heap buffer overflow mailing-list
http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec url
[cgit] 20120703 avoid stack-smash when processing unusual commit mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=820733 url
50734 third-party-advisory
55724 vdb
[oss-security] 20121003 Re: cgit: heap buffer overflow mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2012-4465 advisory

Open in Interactive Console →