oss-sec mailing list archives

CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file


From: Colin Watson <cjwatson () debian org>
Date: Sat, 27 Sep 2014 17:01:23 +0100

Hi,

https://bugs.debian.org/742605 was reported some time ago against the
Debian package of Exuberant Ctags (http://ctags.sourceforge.net/); it's
a CPU/disk denial of service that results from attempting to run ctags
over large volumes of public source code.

Upstream fix, determined by bisection:
  http://sourceforge.net/p/ctags/code/791/

As far as I know this was not identified as a security problem upstream,
just fixed as a normal bug in the course of development.  The
sources.debian.net use case turns it into a DoS though.  CCing the
upstream author for his information.

Not affected: 5.6
Affected: 5.8 (the latest release)

Since we'd like to issue patches for this bug as security updates,
please could I have a CVE identifier for this?

Thanks,

-- 
Colin Watson                                       [cjwatson () debian org]

