Unrated severityNVD Advisory· Published Mar 20, 2011· Updated Apr 29, 2026
CVE-2011-1027
CVE-2011-1027
Description
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
Affected products
26cpe:2.3:a:lars_hjemli:cgit:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:lars_hjemli:cgit:*:*:*:*:*:*:*:*range: <=0.8.3.4
- cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- hjemli.net/git/cgit/commit/nvdBroken LinkPatch
- lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.htmlnvdMailing ListPatch
- lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.htmlnvdMailing ListPatch
- openwall.com/lists/oss-security/2011/03/07/3nvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/46756nvdBroken LinkExploitThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingPatch
- secunia.com/advisories/43633nvdBroken LinkVendor Advisory
- secunia.com/advisories/43788nvdBroken LinkVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/65919nvdThird Party AdvisoryVDB Entry
- article.gmane.org/gmane.comp.version-control.git/168493nvdBroken Link
- lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.htmlnvdMailing List
- www.osvdb.org/71005nvdBroken Link
- www.vupen.com/english/advisories/2011/0667nvdBroken Link
News mentions
0No linked articles in our index yet.