CVE-2009-1577 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-1577 PUBLISHED CVSS 9.300000190734863 CRITICAL

Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.

EPSS 15.45% · 94.6th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

15.45%

94.6th percentile

Affected Products

Vendor	Product	Versions
cscope	cscope	15.0bl2, 0, 13.0
n/a	n/a	n/a

Timeline

May 7, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

[oss-security] 20090506 Re: Old cscope buffer overflow mailing-list
oval:org.mitre.oval:def:9837 vdb
RHSA-2009:1101 vendor-advisory
http://cvs.fedoraproject.org/viewvc/rpms/cscope/devel/cscope-15.5-putstring-overflow.patch url
http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19 url
http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?r1=1.18&r2=1.19 url
[oss-security] 20090505 Old cscope buffer overflow mailing-list
GLSA-200905-02 vendor-advisory
cscope-findc-bo(50366) vdb
https://bugzilla.redhat.com/show_bug.cgi?id=499174 url
35213 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=189666 url
[oss-security] 20090506 Re: Old cscope buffer overflow mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2009-1577 advisory

Open in Interactive Console →