Heap-based Buffer Overflow in cgit's substr Function Allows Remote Code Execution

Heap-based Buffer Overflow in cgit's substr Function Allows Remote Code Execution

CVE-2012-4465 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.

Learn more about our User Device Pen Test.