cscope

• Author: voroskoi
• Vulnerable: 15.5-1
• Unaffected: 15.6-1siwenna1

Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system.

1. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted “cscope.lists” files or directories.
2. A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long “reffile” argument.

• Bug Tracker URL: http://bugs.frugalware.org/task/1340

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4262