Published: 31/12/2004 Updated: 11/10/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote malicious users to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cscope cscope 15.5

Synopsis Moderate: cscope security update Type/Severity Security Advisory: Moderate Topic An updated cscope package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Synopsis Moderate: cscope security update Type/Severity Security Advisory: Moderate Topic An updated cscope package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Debian Bug report logs - #340177 CVE-2004-2541: Buffer overflows in parsing file names from #include statements Package: cscope; Maintainer for cscope is Tobias Klauser <tklauser@distanzch>; Source for cscope is src:cscope (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 21 Nov 2005 ...

Debian Bug report logs - #528510 cscope: CVE-2009-0148 multiple buffer overflows Package: cscope; Maintainer for cscope is Tobias Klauser <tklauser@distanzch>; Source for cscope is src:cscope (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 13 May 2009 11:06:04 UTC Severity: grave Tags: se ...

Jason Duell discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files For the old stable distribution (woody) this problem has been fixed in version 153-1woody3 For the stabl ...

CWE-119 http://sourceforge.net/tracker/index.php?func=detail&aid=1064875&group_id=4664&atid=104664 http://www.osvdb.org/11920 http://secunia.com/advisories/13237 http://www.debian.org/security/2006/dsa-1064 http://secunia.com/advisories/20191 http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml http://secunia.com/advisories/20564 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.securityfocus.com/bid/18050 http://www.securityfocus.com/bid/25159 http://secunia.com/advisories/26235 https://bugzilla.redhat.com/show_bug.cgi?id=490667 http://www.redhat.com/support/errata/RHSA-2009-1101.html http://www.redhat.com/support/errata/RHSA-2009-1102.html http://secunia.com/advisories/35462 http://www.vupen.com/english/advisories/2007/2732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10069 https://access.redhat.com/errata/RHSA-2009:1101 https://nvd.nist.gov https://www.debian.org/security/./dsa-1064

CVE-2004-2541

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect