csaf_opensuse - opensuse-su-2024:10705-1

OPENSUSE-SU-2024:10705-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

cscope-15.9-1.9 on GA media

Notes

Title of the patch

cscope-15.9-1.9 on GA media

Description of the patch

These are all security issues fixed in the cscope-15.9-1.9 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10705

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cscope-15.9-1.9 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cscope-15.9-1.9 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10705",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10705-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2004-2541 page",
        "url": "https://www.suse.com/security/cve/CVE-2004-2541/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-4262 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-4262/"
      }
    ],
    "title": "cscope-15.9-1.9 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10705-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cscope-15.9-1.9.aarch64",
                "product": {
                  "name": "cscope-15.9-1.9.aarch64",
                  "product_id": "cscope-15.9-1.9.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cscope-15.9-1.9.ppc64le",
                "product": {
                  "name": "cscope-15.9-1.9.ppc64le",
                  "product_id": "cscope-15.9-1.9.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cscope-15.9-1.9.s390x",
                "product": {
                  "name": "cscope-15.9-1.9.s390x",
                  "product_id": "cscope-15.9-1.9.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cscope-15.9-1.9.x86_64",
                "product": {
                  "name": "cscope-15.9-1.9.x86_64",
                  "product_id": "cscope-15.9-1.9.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cscope-15.9-1.9.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cscope-15.9-1.9.aarch64"
        },
        "product_reference": "cscope-15.9-1.9.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cscope-15.9-1.9.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cscope-15.9-1.9.ppc64le"
        },
        "product_reference": "cscope-15.9-1.9.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cscope-15.9-1.9.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cscope-15.9-1.9.s390x"
        },
        "product_reference": "cscope-15.9-1.9.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cscope-15.9-1.9.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cscope-15.9-1.9.x86_64"
        },
        "product_reference": "cscope-15.9-1.9.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-2541",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2004-2541"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cscope-15.9-1.9.aarch64",
          "openSUSE Tumbleweed:cscope-15.9-1.9.ppc64le",
          "openSUSE Tumbleweed:cscope-15.9-1.9.s390x",
          "openSUSE Tumbleweed:cscope-15.9-1.9.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2004-2541",
          "url": "https://www.suse.com/security/cve/CVE-2004-2541"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 177568 for CVE-2004-2541",
          "url": "https://bugzilla.suse.com/177568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cscope-15.9-1.9.aarch64",
            "openSUSE Tumbleweed:cscope-15.9-1.9.ppc64le",
            "openSUSE Tumbleweed:cscope-15.9-1.9.s390x",
            "openSUSE Tumbleweed:cscope-15.9-1.9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2004-2541"
    },
    {
      "cve": "CVE-2006-4262",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-4262"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cscope-15.9-1.9.aarch64",
          "openSUSE Tumbleweed:cscope-15.9-1.9.ppc64le",
          "openSUSE Tumbleweed:cscope-15.9-1.9.s390x",
          "openSUSE Tumbleweed:cscope-15.9-1.9.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-4262",
          "url": "https://www.suse.com/security/cve/CVE-2006-4262"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 200534 for CVE-2006-4262",
          "url": "https://bugzilla.suse.com/200534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cscope-15.9-1.9.aarch64",
            "openSUSE Tumbleweed:cscope-15.9-1.9.ppc64le",
            "openSUSE Tumbleweed:cscope-15.9-1.9.s390x",
            "openSUSE Tumbleweed:cscope-15.9-1.9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2006-4262"
    }
  ]
}

CVE-2004-2541 (GCVE-0-2004-2541)

Vulnerability from cvelistv5 – Published: 2005-11-20 21:00 – Updated: 2024-08-08 01:29

Summary

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/11920	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/35462	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/13237	third-party-advisoryx_refsource_SECUNIA
	http://sourceforge.net/tracker/index.php?func=det…	x_refsource_MISC
	http://www.debian.org/security/2006/dsa-1064	vendor-advisoryx_refsource_DEBIAN
	http://www.gentoo.org/security/en/glsa/glsa-20060…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/20191	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://secunia.com/advisories/20564	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/18050	vdb-entryx_refsource_BID
	http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=490667	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:14.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "11920",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11920"
          },
          {
            "name": "35462",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35462"
          },
          {
            "name": "oval:org.mitre.oval:def:10069",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10069"
          },
          {
            "name": "RHSA-2009:1101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "13237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13237"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1064875\u0026group_id=4664\u0026atid=104664"
          },
          {
            "name": "DSA-1064",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1064"
          },
          {
            "name": "GLSA-200606-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml"
          },
          {
            "name": "20191",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20191"
          },
          {
            "name": "RHSA-2009:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1102.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "20564",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20564"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "18050",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18050"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "11920",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11920"
        },
        {
          "name": "35462",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35462"
        },
        {
          "name": "oval:org.mitre.oval:def:10069",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10069"
        },
        {
          "name": "RHSA-2009:1101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "13237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13237"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1064875\u0026group_id=4664\u0026atid=104664"
        },
        {
          "name": "DSA-1064",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1064"
        },
        {
          "name": "GLSA-200606-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml"
        },
        {
          "name": "20191",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20191"
        },
        {
          "name": "RHSA-2009:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1102.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "20564",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20564"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "18050",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18050"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "11920",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11920"
            },
            {
              "name": "35462",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35462"
            },
            {
              "name": "oval:org.mitre.oval:def:10069",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10069"
            },
            {
              "name": "RHSA-2009:1101",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "13237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13237"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1064875\u0026group_id=4664\u0026atid=104664",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1064875\u0026group_id=4664\u0026atid=104664"
            },
            {
              "name": "DSA-1064",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1064"
            },
            {
              "name": "GLSA-200606-10",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml"
            },
            {
              "name": "20191",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20191"
            },
            {
              "name": "RHSA-2009:1102",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1102.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "20564",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20564"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "18050",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18050"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=490667",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2541",
    "datePublished": "2005-11-20T21:00:00",
    "dateReserved": "2005-11-20T00:00:00",
    "dateUpdated": "2024-08-08T01:29:14.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4262 (GCVE-0-2006-4262)

Vulnerability from cvelistv5 – Published: 2006-08-23 10:00 – Updated: 2024-08-07 19:06

Summary

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2006/dsa-1186	vendor-advisoryx_refsource_DEBIAN
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi…	x_refsource_CONFIRM
	http://secunia.com/advisories/21601	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://www.osvdb.org/28135	vdb-entryx_refsource_OSVDB
	http://sourceforge.net/mailarchive/forum.php?thre…	x_refsource_CONFIRM
	http://secunia.com/advisories/22239	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22515	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3374	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://sourceforge.net/mailarchive/forum.php?thre…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/19686	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/19687	vdb-entryx_refsource_BID
	http://security.gentoo.org/glsa/glsa-200610-08.xml	vendor-advisoryx_refsource_GENTOO
	http://www.osvdb.org/28136	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:06.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1186",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645"
          },
          {
            "name": "21601",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21601"
          },
          {
            "name": "cscope-cscopelists-bo(28545)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545"
          },
          {
            "name": "RHSA-2009:1101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
          },
          {
            "name": "28135",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761\u0026forum_id=33500"
          },
          {
            "name": "22239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22239"
          },
          {
            "name": "22515",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22515"
          },
          {
            "name": "ADV-2006-3374",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3374"
          },
          {
            "name": "oval:org.mitre.oval:def:9661",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760\u0026forum_id=33500"
          },
          {
            "name": "19686",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19686"
          },
          {
            "name": "19687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19687"
          },
          {
            "name": "GLSA-200610-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-08.xml"
          },
          {
            "name": "28136",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28136"
          },
          {
            "name": "cscope-reffile-bo(28546)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1186",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645"
        },
        {
          "name": "21601",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21601"
        },
        {
          "name": "cscope-cscopelists-bo(28545)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545"
        },
        {
          "name": "RHSA-2009:1101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
        },
        {
          "name": "28135",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761\u0026forum_id=33500"
        },
        {
          "name": "22239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22239"
        },
        {
          "name": "22515",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22515"
        },
        {
          "name": "ADV-2006-3374",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3374"
        },
        {
          "name": "oval:org.mitre.oval:def:9661",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760\u0026forum_id=33500"
        },
        {
          "name": "19686",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19686"
        },
        {
          "name": "19687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19687"
        },
        {
          "name": "GLSA-200610-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-08.xml"
        },
        {
          "name": "28136",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28136"
        },
        {
          "name": "cscope-reffile-bo(28546)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-1186",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1186"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645"
            },
            {
              "name": "21601",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21601"
            },
            {
              "name": "cscope-cscopelists-bo(28545)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545"
            },
            {
              "name": "RHSA-2009:1101",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
            },
            {
              "name": "28135",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28135"
            },
            {
              "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761\u0026forum_id=33500",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761\u0026forum_id=33500"
            },
            {
              "name": "22239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22239"
            },
            {
              "name": "22515",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22515"
            },
            {
              "name": "ADV-2006-3374",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3374"
            },
            {
              "name": "oval:org.mitre.oval:def:9661",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661"
            },
            {
              "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760\u0026forum_id=33500",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760\u0026forum_id=33500"
            },
            {
              "name": "19686",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19686"
            },
            {
              "name": "19687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19687"
            },
            {
              "name": "GLSA-200610-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-08.xml"
            },
            {
              "name": "28136",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28136"
            },
            {
              "name": "cscope-reffile-bo(28546)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4262",
    "datePublished": "2006-08-23T10:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:06.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2024:10705-1

CVE-2004-2541 (GCVE-0-2004-2541)

CVE-2006-4262 (GCVE-0-2006-4262)

Tags

Sightings

Nomenclature