CVE-2006-4262

NameCVE-2006-4262
DescriptionMultiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1186-1
NVD severitymedium
Debian Bugs385893

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cscope (PTS)stretch15.8b-2fixed
bullseye, sid, buster15.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cscopesourcesarge15.5-1.1sarge2DSA-1186-1
cscopesource(unstable)15.5+cvs20060902-1low385893

Search for package or bug name: Reporting problems