FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cscope -- buffer overflow vulnerabilities

Affected packages
cscope < 15.5_2


VuXML ID 72d8df84-ea6d-11da-8a53-00123ffe8333
Discovery 2004-11-11
Entry 2006-05-23

Jason Duell reports:

Cscope contains an alarming number of buffer overflow vulnerabilities. By a rough count, there are at least 48 places where we blindly sprintf() a file name into a fixed-length buffer of size PATHLEN without checking to see if the file's name is <= PATHLEN. We do similar things with environment variable values.


CVE Name CVE-2004-2541