Vulnerability CVE-2009-0148: Information

Description

Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.

Severity: CRITICAL (9.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-0148
Published: May 5, 2009
Modified: Sept. 29, 2017
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
ADV-2009-1238
  • Vendor Advisory
[cscope-cvs] 20090410 CVS: cscope/src snprintf.c, NONE, 1.1 build.c, 1.14, 1.15 command.c, 1.32, 1.33 dir.c, 1.30, 1.31 display.c, 1.29, 1.30 edit.c, 1.6, 1.7 exec.c, 1.11, 1.12 find.c, 1.20, 1.21 global.h, 1.36, 1.37 main.c, 1.45, 1.46 Makefile.am, 1.12, 1.13 Makefile.in, 1.15, 1.16 vpaccess.c, 1.2, 1.3 vpfopen.c, 1.3, 1.4 vpopen.c, 1.4, 1.5
    https://bugzilla.redhat.com/show_bug.cgi?id=490667
      http://sourceforge.net/project/shownotes.php?group_id=4664&release_id=679527
      • Patch
      http://sourceforge.net/forum/forum.php?forum_id=947983
      • Patch
      34978
      • Vendor Advisory
      [oss-security] 20090506 Re: Old cscope buffer overflow
        35074
        • Vendor Advisory
        http://support.apple.com/kb/HT3549
          APPLE-SA-2009-05-12
            1022218
              TA09-133A
              • US Government Resource
              ADV-2009-1297
              • Vendor Advisory
              35214
              • Vendor Advisory
              DSA-1806
                GLSA-200905-02
                  35213
                  • Vendor Advisory
                  RHSA-2009:1101
                    RHSA-2009:1102
                      34805
                        35462
                        • Vendor Advisory
                        oval:org.mitre.oval:def:9633

                            1. Configuration 1

                              cpe:2.3:a:cscope:cscope:15.6:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.0bl2:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.5:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.3:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:13.0:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.1:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.4:*:*:*:*:*:*:*
                              cpe:2.3:a:cscope:cscope:15.7:*:*:*:*:*:*:*
                          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                          Version: v24.5.1
                          Back to top