CVE-2009-0148

Name of the Vulnerable Software and Affected Versions cscope versions prior to 15.7a

Description The issue is related to multiple buffer overflows in cscope, which can be exploited by remote attackers to execute arbitrary code via long strings in input, such as source-code tokens and pathnames. This is also related to integer overflows in some cases. The exploitation of these vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For versions prior to 15.7a, update to version 15.7a or later to resolve the issue. As a temporary workaround, consider restricting input to prevent long strings from being processed by cscope until a patch is available.