cscope -- Buffer Overflow Vulnerabilities

2006-08-20T00:00:00
ID 74FF10F6-520F-11DB-8F1A-000A48049292
Type freebsd
Reporter FreeBSD
Modified 2006-10-11T00:00:00

Description

Secunia reports:

Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code.