5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.0%
Secunia reports:
Will Drewry has reported some vulnerabilities in Cscope,
which potentially can be exploited by malicious people to
compromise a vulnerable system.
Various boundary errors within the parsing of file lists
or the expansion of environment variables can be exploited
to cause stack-based buffer overflows when parsing
specially crafted “cscope.lists” files or directories.
A boundary error within the parsing of command line
arguments can be exploited to cause a stack-based buffer
overflow when supplying an overly long “reffile” argument.
Successful exploitation may allow execution of arbitrary
code.