FS#42246 - [ctags] CVE-2014-7204: denial of service
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Saturday, 04 October 2014, 21:16 GMT
Last edited by Dave Reisner (falconindy) - Friday, 24 October 2014, 20:18 GMT
Details
Summary:
It has been reported [0] that ctags 5.8-4 is affected by a denial of service vulnerability tracked as CVE-2014-7204 [1].

Description:
Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

Mitigation:
The problem has been fixed upstream [2] but no release is available yet. I recommend backporting the patch as, e.g., Debian did [3].

[0] http://seclists.org/oss-sec/2014/q3/842
[1] https://access.redhat.com/security/cve/CVE-2014-7204
[2] http://sourceforge.net/p/ctags/code/791/
[3] http://anonscm.debian.org/cgit/users/cjwatson/exuberant-ctags.git/commit/?h=wheezy&id=f3d5c529d16838ba790ab00a2dc242840eeaf70a
Closed by Dave Reisner (falconindy)
Friday, 24 October 2014, 20:18 GMT
Reason for closing: Fixed
Additional comments about closing: ctags-5.8-5
Would be cool to have an estimation when we can approximately resolve this.
cheers Levente
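
Added example, not part of the ticket and not code from the ctags or Arch Linux projects: while a host still runs the affected package, the disk-exhaustion effect described above can be contained by running ctags under per-process file-size and CPU limits. The function names `run_capped` and `index_tree`, the limit values and the temp-file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example: contain a runaway indexer instead of letting it fill the disk.

# run_capped MAX_BLOCKS CPU_SECONDS command [args...]
# MAX_BLOCKS is the `ulimit -f` unit of the running shell
# (512-byte or 1024-byte blocks, depending on the shell).
run_capped() {
    max_blocks=$1
    cpu_seconds=$2
    shift 2
    (
        # Subshell: the limits apply to this command only, not to the caller.
        ulimit -f "$max_blocks" || exit 125   # cap on any single file written
        ulimit -t "$cpu_seconds" || exit 125  # cap on CPU time spent looping
        exec "$@"
    )
}

# index_tree SRC_DIR TAGS_FILE (hypothetical helper)
# Writes to a temp file first so an aborted run never replaces a good tags file.
index_tree() {
    src=$1
    tags=$2
    tmp="$tags.tmp.$$"
    if run_capped 204800 60 ctags -R -f "$tmp" "$src"; then
        mv -f "$tmp" "$tags"
    else
        status=$?
        rm -f "$tmp"
        echo "ctags aborted (status $status); inspect $src for input that makes it loop" >&2
        return "$status"
    fi
}
```

The file-size limit is per file and per process, so it bounds the damage from one run but does not replace installing the fixed package.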