CVE-2009-1577: Buffer Overflow
First published: Sat Apr 22 2006(Updated: )
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| cscope | =15.0bl2 | |
| cscope | =15.3 | |
| cscope | =13.0 | |
| cscope | <=15.5 | |
| cscope | =15.1 | |
| cscope | =15.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2009/05/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=189666
- http://www.openwall.com/lists/oss-security/2009/05/06/9
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19
- http://www.openwall.com/lists/oss-security/2009/05/06/10
- https://bugzilla.redhat.com/show_bug.cgi?id=499174
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
- http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch
- http://secunia.com/advisories/35213
- http://security.gentoo.org/glsa/glsa-200905-02.xml
- http://www.redhat.com/support/errata/RHSA-2009-1101.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50366
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9837
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=189666
- https://access.redhat.com/security/cve/CVE-2009-1577
- https://rhn.redhat.com/errata/RHSA-2009-1101.html
- https://www.cve.org/CVERecord?id=CVE-2009-1577 https://nvd.nist.gov/vuln/detail/CVE-2009-1577
- https://access.redhat.com/errata/RHSA-2009:1101
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1577.json
Frequently Asked Questions
What is the severity of CVE-2009-1577?
CVE-2009-1577 has a high severity due to potential remote code execution via stack-based buffer overflows.
How do I fix CVE-2009-1577?
To fix CVE-2009-1577, update Cscope to version 15.6 or later, which addresses the buffer overflow vulnerabilities.
What versions of Cscope are affected by CVE-2009-1577?
CVE-2009-1577 affects Cscope versions prior to 15.6, including 15.0bl2, 15.1, 15.3, 15.4, and 15.5.
What type of attack does CVE-2009-1577 allow?
CVE-2009-1577 allows user-assisted remote attackers to execute arbitrary code by supplying a long function name or symbol.
Who can exploit the vulnerabilities described in CVE-2009-1577?
The vulnerabilities in CVE-2009-1577 can be exploited by remote attackers if a victim is tricked into using a specially crafted source-code file.
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1577
- collector/redhat-cve
- agent/references
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cscope
- canonical/cscope
- version/cscope/15.0bl2
- version/cscope/15.3
- version/cscope/13.0
- version/cscope/15.5
- version/cscope/15.1
- version/cscope/15.4