Cscope 'cscope.lists' Multiple Buffer Overflow Vulnerabilities

Cscope is prone to multiple buffer-overflow vulnerabilities because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Cscope 15.x is vulnerable; previous versions may be affected as well.


Privacy Statement
Copyright 2010, SecurityFocus