Fluid Attacks Database

Description

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	cgit	>=0 <0.11.2.git2.3.2-1.1	0.11.2.git2.3.2-1.1
debian 12	cgit	>=0 <0.11.2.git2.3.2-1.1	0.11.2.git2.3.2-1.1
debian 11	cgit	>=0 <0.11.2.git2.3.2-1.1	0.11.2.git2.3.2-1.1
debian 14	cgit	>=0 <0.11.2.git2.3.2-1.1	0.11.2.git2.3.2-1.1

Aliases

1. CVE-2016-19012. NVD-2016-19013. OSV-DEBIAN-2016-19014. OSV-2016-19015. SECURITY-TRACKER-CVE-2016-1901

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.