Computer Security
securityvulns.ru


cscope buffer overflow
Published: 26.05.2009
Source:
SecurityVulns ID: 9935
Type: local
Threat Level: 5/10
Description: Buffer overflow on oversized included file name.
Affected: CSCOPE : cscope 15.6
CVE: CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.)
     CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.)
Original document: DEBIAN, [SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution (26.05.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod