Published: 05/05/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple buffer overflows in Cscope prior to 15.7a allow remote malicious users to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cscope cscope 15.5
cscope cscope 15.6
cscope cscope 15.4
cscope cscope 15.7
cscope cscope 13.0
cscope cscope 15.1
cscope cscope 15.0bl2
cscope cscope 15.3

Debian Bug report logs - #528510 cscope: CVE-2009-0148 multiple buffer overflows Package: cscope; Maintainer for cscope is Tobias Klauser <tklauser@distanzch>; Source for cscope is src:cscope (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, 13 May 2009 11:06:04 UTC Severity: grave Tags: se ...

Synopsis Moderate: cscope security update Type/Severity Security Advisory: Moderate Topic An updated cscope package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Synopsis Moderate: cscope security update Type/Severity Security Advisory: Moderate Topic An updated cscope package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Matt Murphy discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files For the stable distribution (lenny), this problem has been fixed in version 156-6+lenny1 Due to a techni ...

CWE-119 http://www.vupen.com/english/advisories/2009/1238 http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs https://bugzilla.redhat.com/show_bug.cgi?id=490667 http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527 http://sourceforge.net/forum/forum.php?forum_id=947983 http://secunia.com/advisories/34978 http://www.openwall.com/lists/oss-security/2009/05/06/9 http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://www.securitytracker.com/id?1022218 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 http://secunia.com/advisories/35214 http://www.debian.org/security/2009/dsa-1806 http://security.gentoo.org/glsa/glsa-200905-02.xml http://secunia.com/advisories/35213 http://www.redhat.com/support/errata/RHSA-2009-1101.html http://www.redhat.com/support/errata/RHSA-2009-1102.html http://www.securityfocus.com/bid/34805 http://secunia.com/advisories/35462 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9633 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528510 https://nvd.nist.gov https://www.debian.org/security/./dsa-1806

CVE-2009-0148

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect