CVE-2006-4262

Description

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

How to fix CVE-2006-4262

To remediate CVE-2006-4262, upgrade the affected package to a fixed version below.

• Debian/cscope—upgrade to 15.5+cvs20060902-1 or later
• —upgrade to 15.5-1.1sarge2 or later

Is CVE-2006-4262 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 15.5+cvs20060902-1
• from 0, < 15.5-1.1sarge2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4262