Cscope: Multiple buffer overflows — GLSA 200610-08

Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.

Affected packages

dev-util/cscope on all architectures
Affected versions < 15.5.20060927
Unaffected versions >= 15.5.20060927

Background

Cscope is a developer's tool for browsing source code.

Description

Unchecked use of strcpy() and *scanf() leads to several buffer overflows.

Impact

A user could be enticed to open a carefully crafted file which would allow the attacker to execute arbitrary code with the permissions of the user running Cscope.

Workaround

There is no known workaround at this time.

Resolution

All Cscope users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5.20060927"

References

Release date
October 20, 2006

Latest revision
October 20, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries