Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2011-03-20T01:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2011-02-14T00:00:00
Link: CVE-2011-1027
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-03-20T02:00:04.017
Modified: 2023-12-22T18:50:00.177
Link: CVE-2011-1027
JSON object: View
Redhat Information
No data.
CWE