CVE-2006-4262

Description

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661

https://exchange.xforce.ibmcloud.com/vulnerabilities/28546

https://exchange.xforce.ibmcloud.com/vulnerabilities/28545

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645

http://www.vupen.com/english/advisories/2006/3374

http://www.securityfocus.com/bid/19687

http://www.securityfocus.com/bid/19686

http://www.redhat.com/support/errata/RHSA-2009-1101.html

http://www.osvdb.org/28136

http://www.osvdb.org/28135

http://www.debian.org/security/2006/dsa-1186

http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500

http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500

http://security.gentoo.org/glsa/glsa-200610-08.xml

http://secunia.com/advisories/22515

http://secunia.com/advisories/22239

http://secunia.com/advisories/21601

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3