Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201410-11 ========================================= Severity: Medium Date : 2014-10-24 CVE-ID : CVE-2014-7204 Package : ctags Type : Denial of service Remote : No Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package ctags before version 5.8-5 is vulnerable to denial of service. Resolution ========= Upgrade to 5.8-5. # pacman -Syu "ctags>=5.8-5" The problem has been fixed upstream [0] but no release version is available yet. Workaround ========= None. Description ========== Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service. Impact ===== A local user can run out of disk space resulting in denial of service after running ctags on JavaScript files from an affected or specially prepared public repository. References ========= [0] https://access.redhat.com/security/cve/CVE-2014-7204 https://bugs.archlinux.org/task/42246 https://www.openwall.com/lists/oss-security/2014/09/29/40