Multiple vulnerabilities in cgit
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2012-4548 CVE-2012-4465 |
| CWE-ID | CWE-20 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
cgit Client/Desktop applications / Software for system administration |
| Vendor | Jason A. Donenfeld |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43344
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-4548
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Per http://cwe.mitre.org/data/definitions/88.html'CWE-88: Argument Injection or Modification'
MitigationInstall update from vendor's website.
Vulnerable software versionscgit: 0.1 - 0.9.0.2
External linkshttp://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html
http://secunia.com/advisories/50734
http://secunia.com/advisories/51167
http://secunia.com/advisories/51222
http://www.openwall.com/lists/oss-security/2012/10/28/1
http://www.openwall.com/lists/oss-security/2012/10/28/2
http://www.securityfocus.com/bid/56315
http://bugzilla.redhat.com/show_bug.cgi?id=870713
http://exchange.xforce.ibmcloud.com/vulnerabilities/79665
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU43403
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2012-4465
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier. A remote attacker can use an empty username in the to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionscgit: 0.1 - 0.9.0.2
External linkshttp://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec
http://hjemli.net/pipermail/cgit/2012-July/000652.html
http://secunia.com/advisories/50734
http://www.openwall.com/lists/oss-security/2012/09/30/1
http://www.openwall.com/lists/oss-security/2012/10/03/7
http://www.securityfocus.com/bid/55724
http://bugzilla.redhat.com/show_bug.cgi?id=820733
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
