PT-2016-4914 · Cgit · Cgit

Cabetas

Published

2016-01-20

Updated

2024-06-15

CVE-2016-1901

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CGit versions prior to 0.12

Description The issue is related to an integer overflow in the authenticate post function, which can be triggered by a large value in the Content-Length HTTP header. This leads to a buffer overflow, allowing remote attackers to have an unspecified impact.

Recommendations For versions prior to 0.12, update to version 0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the authenticate post function to minimize the risk of exploitation. Avoid using large values in the Content-Length HTTP header until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2016-1901

DSA-3545-1

MGASA-2016-0047

OPENSUSE-SU-2024:10137-1

Affected Products

Cgit

PT-2016-4914 · Cgit · Cgit

CVE-2016-1901

Weakness Enumeration

Related Identifiers

Affected Products

References · 37