Arch Linux Security Advisory ASA-201410-11
=========================================
Severity: Medium
Date    : 2014-10-24
CVE-ID  : CVE-2014-7204
Package : ctags
Type    : Denial of service
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package ctags before version 5.8-5 is vulnerable to denial of service.

Resolution
=========
Upgrade to 5.8-5.

# pacman -Syu "ctags>=5.8-5"

The problem has been fixed upstream [0] but no release version is
available yet.

Workaround
=========
None.

Description
==========
Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build
tag file indexes of source code definitions: Certain JavaScript files
cause ctags to enter an infinite loop until it runs out of disk space,
resulting in denial of service.

Impact
=====
A local user can run out of disk space resulting in denial of service
after running ctags on JavaScript files from an affected or specially
prepared public repository.

References
=========
[0] https://sourceforge.net/p/ctags/code/791/
https://access.redhat.com/security/cve/CVE-2014-7204
https://bugs.archlinux.org/task/42246
https://www.openwall.com/lists/oss-security/2014/09/29/40

ArchLinux: 201410-11: ctags: Denial of service

October 24, 2014

Summary

Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

Resolution

Upgrade to 5.8-5. # pacman -Syu "ctags>=5.8-5"
The problem has been fixed upstream [0] but no release version is available yet.

References

[0] https://sourceforge.net/p/ctags/code/791/ https://access.redhat.com/security/cve/CVE-2014-7204 https://bugs.archlinux.org/task/42246 https://www.openwall.com/lists/oss-security/2014/09/29/40


Severity
Package : ctags
Type : Denial of service
Remote : No
Link : https://wiki.archlinux.org/title/CVE-2014

Workaround

None.

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved