Cscope Reffile Local Buffer Overflow Vulnerability

Cscope is prone to a local buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

The issue allows local attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Cscope 15.x is vulnerable; previous versions may be affected as well.


 

Privacy Statement
Copyright 2010, SecurityFocus