CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4515 – ctags: arbitrary command execution via a tag file with a crafted filename
https://notcve.org/view.php?id=CVE-2022-4515
20 Dec 2022 — A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. Se encontró una falla en Exuberant Ctags en la forma en que maneja la opción "-o". Esta opción especifica el nombre del archivo de etiqueta. • https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2014-7204 – Mandriva Linux Security Advisory 2014-206
https://notcve.org/view.php?id=CVE-2014-7204
06 Oct 2014 — jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. jscript.c en Exuberant Ctags 5.8 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU y disco) a través de un fichero JavaScript manipulado. It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume res... • http://advisories.mageia.org/MGASA-2014-0415.html • CWE-399: Resource Management Errors •