Vulnerability Details: CVE-2009-1577
Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2009-1577
- cpe:2.3:a:cscope:cscope:*:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.3:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.4:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:cscope:cscope:15.0bl2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1577
- 3.26%: probability of exploitation activity in the next 30 days
- ~91%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2009-1577
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1577
- https://bugzilla.redhat.com/show_bug.cgi?id=189666
  189666 – cscope stack smashing (Exploit; Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9837
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19
  CVS Info for project cscope
- http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch
- https://bugzilla.redhat.com/show_bug.cgi?id=499174
  499174 – (CVE-2009-1577) CVE-2009-1577 cscope: putstring buffer overflow (Patch)
- http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19
  CVS Info for project cscope (Patch)
- http://www.openwall.com/lists/oss-security/2009/05/06/10
  oss-security - Re: Old cscope buffer overflow
- http://www.redhat.com/support/errata/RHSA-2009-1101.html
  Support
- http://security.gentoo.org/glsa/glsa-200905-02.xml
  Cscope: User-assisted execution of arbitrary code (GLSA 200905-02) — Gentoo security
- http://www.openwall.com/lists/oss-security/2009/05/05/1
  oss-security - Old cscope buffer overflow
- http://www.openwall.com/lists/oss-security/2009/05/06/9
  oss-security - Re: Old cscope buffer overflow
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50366
  Cscope find.c buffer overflow CVE-2009-1577 Vulnerability Report