REDHAT-BUG-499174: Buffer Overflow

First published: Tue May 05 2009(Updated: )

A stack-based buffer overflow existed in cscope's putstring function in cscope's versions prior to 15.6. A long function or symbol name in source code file could result in cscope crash or code execution when searching the source code for any function or symbol name. Issue was originally reported via <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED CURRENTRELEASE - cscope stack smashing" href="show_bug.cgi?id=189666">bug #189666</a>, it can be reproduced using memcheck/tests/match-overrun.c from valgrind source tarball. In cscope 15.6, putstring was replaced with function fetch_string_from_dbase, which accepts target buffer size as its argument. Upstream commit: <a href="http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19">http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</a> Patch, which was used in Fedora cscope packages and is used in cscope packages in Red Hat Enterprise Linux 5: <a href="http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch">http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/last-modified-date
• agent/first-publish-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2009-1577
• agent/weakness
• agent/severity
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/cscope
• canonical/cscope