CVE-2006-4262

NameCVE-2006-4262
DescriptionMultiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1186-1
NVD severitymedium (attack range: remote)
Debian Bugs385893

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cscope (PTS)wheezy15.7a-3.6fixed
jessie15.8a-2fixed
stretch15.8b-2fixed
buster, sid15.8b-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cscopesource(unstable)15.5+cvs20060902-1low385893
cscopesourcesarge15.5-1.1sarge2mediumDSA-1186-1

Search for package or bug name: Reporting problems