Total vulnerabilities in the database
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
| Software | From | Fixed in |
|---|---|---|
| lars_hjemli / cgit | 0.7.1 | 0.7.1.x |
| lars_hjemli / cgit | 0.8.3.1 | 0.8.3.1.x |
| lars_hjemli / cgit | 0.9.0.2 | 0.9.0.2.x |
| lars_hjemli / cgit | 0.9 | 0.9.x |
| lars_hjemli / cgit | 0.6.1 | 0.6.1.x |
| lars_hjemli / cgit | 0.6 | 0.6.x |
| lars_hjemli / cgit | 0.8 | 0.8.x |
| lars_hjemli / cgit | 0.3 | 0.3.x |
| lars_hjemli / cgit | 0.5 | 0.5.x |
| lars_hjemli / cgit | 0.8.1.1 | 0.8.1.1.x |
| lars_hjemli / cgit | 0.8.3.4 | 0.8.3.4.x |
| lars_hjemli / cgit | 0.2 | 0.2.x |
| lars_hjemli / cgit | 0.8.3.2 | 0.8.3.2.x |
| lars_hjemli / cgit | 0.8.3 | 0.8.3.x |
| lars_hjemli / cgit | 0.1 | 0.1.x |
| lars_hjemli / cgit | 0.6.2 | 0.6.2.x |
| lars_hjemli / cgit | 0.8.3.5 | 0.8.3.5.x |
| lars_hjemli / cgit | 0.8.2.2 | 0.8.2.2.x |
| lars_hjemli / cgit | 0.7.2 | 0.7.2.x |
| lars_hjemli / cgit | 0.4 | 0.4.x |
| lars_hjemli / cgit | 0.8.2 | 0.8.2.x |
| lars_hjemli / cgit | 0.8.1 | 0.8.1.x |
| lars_hjemli / cgit | 0.9.0.1 | 0.9.0.1.x |
| lars_hjemli / cgit | - | 0.9.0.3.x |
| lars_hjemli / cgit | 0.8.3.3 | 0.8.3.3.x |
| lars_hjemli / cgit | 0.8.2.1 | 0.8.2.1.x |
| lars_hjemli / cgit | 0.7 | 0.7.x |
| lars_hjemli / cgit | 0.6.3 | 0.6.3.x |