cscope: buffer overflows
| Package(s): | cscope | CVE #(s): | CVE-2004-2541 | ||||||||||||||||||||||||
| Created: | May 22, 2006 | Updated: | June 19, 2009 | ||||||||||||||||||||||||
| Description: | A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Posted Jun 1, 2006 12:14 UTC (Thu)
by jfj (guest, #37917)
[Link]
This is a bug. A segmentation fault is a bug.
A segmentation fault is a denial of service when it brings down a server.
Can we please stop treating every buffer overflow as a security threat?cscope: buffer overflows
A buffer overflow is execution of arbitary code, when it can be trigerred with data from the network for which the use is not aware that is being processed. A buffer overflow in PNG which is used by mozilla *is* a serious security threat. A buffer overflow in cscope is merely a bug. cscope is a tool for developers who usually take a look at the C files they are going to process (and very possibly have compiled them before analysing with cscope). It's not like a mail will come "Hi! I have attached a C file. Please analyse it with cscope. Thank you, anonymous".