FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
91a2066b-5ab6-11de-bc9b-0030843d3802cscope -- buffer overflow

SecurityFocus reports:

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.


Discovery 2009-05-31
Entry 2009-06-16
cscope
< 15.6

34832
CVE-2009-1577
http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
c14aa48c-5ab7-11de-bc9b-0030843d3802cscope -- multiple buffer overflows

Secunia reports:

Some vulnerabilities have been reported in Cscope, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to various boundary errors, which can be exploited to cause buffer overflows when parsing specially crafted files or directories.


Discovery 2009-05-31
Entry 2009-06-16
cscope
< 15.7a

34805
CVE-2009-0148
http://secunia.com/advisories/34978
74ff10f6-520f-11db-8f1a-000a48049292cscope -- Buffer Overflow Vulnerabilities

Secunia reports:

Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system.

Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories.

A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument.

Successful exploitation may allow execution of arbitrary code.


Discovery 2006-08-20
Entry 2006-10-02
Modified 2006-10-11
cscope
< 15.6

19686
19687
CVE-2006-4262
http://secunia.com/advisories/21601
http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500
http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500
72d8df84-ea6d-11da-8a53-00123ffe8333cscope -- buffer overflow vulnerabilities

Jason Duell reports:

Cscope contains an alarming number of buffer overflow vulnerabilities. By a rough count, there are at least 48 places where we blindly sprintf() a file name into a fixed-length buffer of size PATHLEN without checking to see if the file's name is <= PATHLEN. We do similar things with environment variable values.


Discovery 2004-11-11
Entry 2006-05-23
cscope
< 15.5_2

CVE-2004-2541
http://sourceforge.net/tracker/index.php?func=detail&aid=1064875&group_id=4664&atid=104664
http://secunia.com/advisories/13237
a7bfd423-484f-11d9-a9e7-0001020eed82cscope -- symlink attack vulnerability

cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope.


Discovery 2003-04-03
Entry 2004-12-07
cscope
< 15.5_1

11697
CVE-2004-0996
http://marc.theaimsgroup.com/?l=bugtraq&m=110133485519690
http://marc.theaimsgroup.com/?l=bugtraq&m=110072752707293
http://sourceforge.net/tracker/index.php?func=detail&aid=1062807&group_id=4664&atid=104664