CVE-2016-1901 - OpenCVE

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cgit Project	Cgit
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html	Patch
http://www.debian.org/security/2016/dsa-3545
http://www.openwall.com/lists/oss-security/2016/01/14/3	Exploit
http://www.openwall.com/lists/oss-security/2016/01/14/6	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-20T16:00:00

Updated: 2016-12-05T14:57:01

Reserved: 2016-01-14T00:00:00

Link: CVE-2016-1901

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-20T16:59:05.880

Modified: 2016-12-07T18:33:10.217

Link: CVE-2016-1901

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "FEDORA-2016-e5a5fb196f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"}, {"name": "openSUSE-SU-2016:0196", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1901", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"name": "openSUSE-SU-2016:0218", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released", "refsource": "MLIST", "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"name": "FEDORA-2016-e5a5fb196f", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"name": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763", "refsource": "CONFIRM", "url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"}, {"name": "openSUSE-SU-2016:0196", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}, {"name": "DSA-3545", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"name": "FEDORA-2016-215b507409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1901", "datePublished": "2016-01-20T16:00:00", "dateReserved": "2016-01-14T00:00:00", "dateUpdated": "2016-12-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8", "versionEndIncluding": "0.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n authenticate_post en CGit en versiones anteriores a 0.12 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un gran valor en la cabecera HTTP Content-Length, lo que desencadena un desbordamiento del buffer."}], "id": "CVE-2016-1901", "lastModified": "2016-12-07T18:33:10.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-20T16:59:05.880", "references": [{"source": "cve@mitre.org", "url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3545"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}