5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.0%
Cscope is a developer’s tool for browsing source code.
Unchecked use of strcpy() and *scanf() leads to several buffer overflows.
A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope.
There is no known workaround at this time.
All Cscope users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-util/cscope | < 15.5.20060927 | UNKNOWN |