Lucene search

GoogleOSV:GHSA-9F8C-PFVV-P4GM

HistoryApr 24, 2024 - 8:56 p.m.

Buffer Overflow in gitea

2024-04-2420:56:50

Google

osv.dev

stack buffer overflow

gitea

remote attackers

denial of service

file path vulnerability

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.

CPENameOperatorVersion
github.com/go-gitea/giteage1.9.0
github.com/go-gitea/gitealt1.13.2

CPE	Name	Operator	Version
	github.com/go-gitea/gitea	ge	1.9.0
	github.com/go-gitea/gitea	lt	1.13.2

References

github.com/go-gitea/gitea

github.com/go-gitea/gitea/pull/14390

nvd.nist.gov/vuln/detail/CVE-2021-3382

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for OSV:GHSA-9F8C-PFVV-P4GM