Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 Sep 2014 17:01:23 +0100
From: Colin Watson <>
Cc: Darren Hiebert <>
Subject: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript

Hi, was reported some time ago against the
Debian package of Exuberant Ctags (; it's
a CPU/disk denial of service that results from attempting to run ctags
over large volumes of public source code.

Upstream fix, determined by bisection:

As far as I know this was not identified as a security problem upstream,
just fixed as a normal bug in the course of development.  The use case turns it into a DoS though.  CCing the
upstream author for his information.

Not affected: 5.6
Affected: 5.8 (the latest release)

Since we'd like to issue patches for this bug as security updates,
please could I have a CVE identifier for this?


Colin Watson                                       []

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ