<glsa id="200606-10">
<title>Cscope: Many buffer overflows</title>
Cscope is vulnerable to multiple buffer overflows that could lead to the
execution of arbitrary code.
<product type="ebuild">Cscope</product>
<announced>June 11, 2006</announced>
<revised>June 11, 2006: 01</revised>
<package name="dev-util/cscope" auto="yes" arch="*">
<unaffected range="ge">15.5-r6</unaffected>
<vulnerable range="lt">15.5-r6</vulnerable>
</package>
Cscope is a developer's tool for browsing source code.
Cscope does not verify the length of file names sourced in
#include statements.
<impact type="normal">
A user could be enticed to source a carefully crafted file, which
would allow the attacker to execute arbitrary code with the permissions
of the user running Cscope.
</impact>
There is no known workaround at this time.
All Cscope users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-util/cscope-15.5-r6&quot;</code>
<uri link="">CVE-2004-2541</uri>
<metadata tag="requester" timestamp="Thu, 01 Jun 2006 07:07:22 +0000"></metadata>
<metadata tag="bugReady" timestamp="Mon, 05 Jun 2006 17:21:43 +0000"></metadata>
<metadata tag="submitter" timestamp="Mon, 05 Jun 2006 18:50:34 +0000"></metadata>
</glsa>