9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.592 Medium
EPSS
Percentile
97.7%
CentOS Errata and Security Advisory CESA-2009:1101
cscope is a mature, ncurses-based, C source-code tree browsing tool.
Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)
All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-June/078133.html
https://lists.centos.org/pipermail/centos-announce/2009-June/078134.html
Affected packages:
cscope
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1101
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | cscope | < 15.5-16.RHEL3 | cscope-15.5-16.RHEL3.i386.rpm |
CentOS | 3 | i386 | cscope | < 15.5-16.RHEL3 | cscope-15.5-16.RHEL3.i386.rpm |
CentOS | 3 | x86_64 | cscope | < 15.5-16.RHEL3 | cscope-15.5-16.RHEL3.x86_64.rpm |
CentOS | 3 | x86_64 | cscope | < 15.5-16.RHEL3 | cscope-15.5-16.RHEL3.x86_64.rpm |