CVE-2009-1577: Buffer Overflow
First published: Sat Apr 22 2006(Updated: )
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cscope Cscope | =15.0bl2 | |
| Cscope Cscope | =15.3 | |
| Cscope Cscope | =13.0 | |
| Cscope Cscope | <=15.5 | |
| Cscope Cscope | =15.1 | |
| Cscope Cscope | =15.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2009/05/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=189666
- http://www.openwall.com/lists/oss-security/2009/05/06/9
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19
- http://www.openwall.com/lists/oss-security/2009/05/06/10
- https://bugzilla.redhat.com/show_bug.cgi?id=499174
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
- http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch
- http://secunia.com/advisories/35213
- http://security.gentoo.org/glsa/glsa-200905-02.xml
- http://www.redhat.com/support/errata/RHSA-2009-1101.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50366
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9837
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=189666
- https://access.redhat.com/security/cve/CVE-2009-1577
- https://rhn.redhat.com/errata/RHSA-2009-1101.html
- https://www.cve.org/CVERecord?id=CVE-2009-1577 https://nvd.nist.gov/vuln/detail/CVE-2009-1577
- https://access.redhat.com/errata/RHSA-2009:1101
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1577.json
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1577
- collector/redhat-cve
- vendor/cscope
- canonical/cscope cscope
- version/cscope cscope/15.0bl2
- version/cscope cscope/15.3
- version/cscope cscope/13.0
- version/cscope cscope/15.5
- version/cscope cscope/15.1
- version/cscope cscope/15.4