PT-2022-7037 · Unknown+8 · Exuberant Ctags+8

Published

2022-12-19

Updated

2024-06-28

CVE-2022-4515

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Exuberant Ctags (affected versions not specified)

Description A flaw was found in Exuberant Ctags in the way it handles the "-o" option, which specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() function in sort.c calls the system(3) function in an unsafe way. This allows an attacker to execute arbitrary commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALSA-2023:2863

ALT-PU-2023-1594

ALT-PU-2024-7014

ALT-PU-2024-7062

ALT-PU-2024-8944

AZL-12083

AZL-34647

BDU:2023-07200

CESA-2023_2863

CVE-2022-4515

DLA-3254-1

MGASA-2023-0003

OESA-2023-1693

OESA-2023-1694

OPENSUSE-SU-2023_0225-1

OPENSUSE-SU-2024:12624-1

RHSA-2023:2863

RHSA-2023_2863

SUSE-SU-2023:0224-1

SUSE-SU-2023:0225-1

SUSE-SU-2023_0224-1

SUSE-SU-2023_0225-1

USN-5820-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Exuberant Ctags

Linuxmint

Red Hat

Suse

Ubuntu

PT-2022-7037 · Unknown+8 · Exuberant Ctags+8

CVE-2022-4515

Weakness Enumeration

Related Identifiers

Affected Products

References · 43