SB2017050410 - Resource management error in ctags (Alpine package)
Published: May 4, 2017
Security Bulletin ID
SB2017050410
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-7204)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9aea0e8939dda7342fd86c42cde3efaaf75003e3
- https://git.alpinelinux.org/aports/commit/?id=a8041022699701854c4b72ad0f27a92589ac2340
- https://git.alpinelinux.org/aports/commit/?id=d4f084d91cdd070d37e66828e4cdd2926fd599df
- https://git.alpinelinux.org/aports/commit/?id=d2bfb22c8e8f67ad7d8d02704f35ec4d2a19f9b9
- https://git.alpinelinux.org/aports/commit/?id=8acec4cd4b4fc6f9bcab54a041e9f27a950859cf