Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "22"
},
{
"last_affected": "22"
}
],
"vendor_product": "fedoraproject:fedora",
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.11.2"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"source": "https://git.zx2c4.com/cgit@4458abf64172a62b92810c2293450106e6dfc763",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "91807045455295017519516621474102082140",
"length": 502.0
},
"deprecated": false,
"id": "CVE-2016-1901-95834c7c",
"target": {
"function": "authenticate_post",
"file": "cgit.c"
}
},
{
"source": "https://git.zx2c4.com/cgit@4458abf64172a62b92810c2293450106e6dfc763",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"50161904421011037412943174156570592313",
"323348394024932948650418271075221821184",
"134652070258692373190625334827825705051",
"141316581865117512757489622978323703720"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2016-1901-d5b187a7",
"target": {
"file": "cgit.c"
}
}
]
"2026-07-08T12:54:02Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1901.json"