oss-sec mailing list archives
CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file
From: Colin Watson <cjwatson () debian org>
Date: Sat, 27 Sep 2014 17:01:23 +0100
Hi, https://bugs.debian.org/742605 was reported some time ago against the Debian package of Exuberant Ctags (http://ctags.sourceforge.net/); it's a CPU/disk denial of service that results from attempting to run ctags over large volumes of public source code. Upstream fix, determined by bisection: http://sourceforge.net/p/ctags/code/791/ As far as I know this was not identified as a security problem upstream, just fixed as a normal bug in the course of development. The sources.debian.net use case turns it into a DoS though. CCing the upstream author for his information. Not affected: 5.6 Affected: 5.8 (the latest release) Since we'd like to issue patches for this bug as security updates, please could I have a CVE identifier for this? Thanks, -- Colin Watson [cjwatson () debian org]
Current thread:
- CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file Colin Watson (Sep 27)
- Re: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file cve-assign (Sep 29)