Vulnerability Details : CVE-2006-4262
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2006-4262
Probability of exploitation activity in the next 30 days: 2.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4262
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2006-4262
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-4262
-
Red Hat 2009-06-16Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch since its first release. In Red Hat Enterprise Linux 3 and 4, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1101.html
-
http://security.gentoo.org/glsa/glsa-200610-08.xml
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28546
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28545
-
http://www.vupen.com/english/advisories/2006/3374
Vendor Advisory
-
http://www.securityfocus.com/bid/19686
-
http://www.securityfocus.com/bid/19687
-
http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645
Patch;Vendor Advisory
-
http://www.debian.org/security/2006/dsa-1186
-
http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500
-
http://www.redhat.com/support/errata/RHSA-2009-1101.html
Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661
- cpe:2.3:a:cscope:cscope:*:*:*:*:*:*:*:*