Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-4465 at MITRE


Heap-based buffer overflow in the substr function in parsing.c in cgit and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
CVSS v2 Scores
  National Vulnerability Database
Base Score 6.52
Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entry: 783012 [RESOLVED / FIXED]

SUSE Security Advisories: