• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cscope Include Filename Buffer Overflow Vulnerability

Cscope is prone to a buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.