#VU32343 Buffer overflow in cgit - CVE-2016-1901

Cybersecurity Help s.r.o.

Published: 2016-01-20 | Updated: 2020-07-28

Vulnerability identifier: #VU32343

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-1901

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cgit
Client/Desktop applications / Software for system administration

Vendor: Jason A. Donenfeld

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cgit: 0.1 - 0.11.2

External links
https://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html
https://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html
https://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html
https://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html
https://www.debian.org/security/2016/dsa-3545
https://www.openwall.com/lists/oss-security/2016/01/14/3
https://www.openwall.com/lists/oss-security/2016/01/14/6

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in cgit (Alpine package)

Buffer overflow in cgit

Fedora EPEL 6 update for cgit

Fedora EPEL 7 update for cgit

Fedora 22 update for cgit

Fedora 23 update for cgit