QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4515

Published: Dec 20, 2022

Modified: Apr 14, 2025

PUBLISHED

Description

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.

Vendor	Product	Versions
n/a	Exuberant Ctags	affected `All versions are affected`

Weaknesses (CWE)

References

https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56

[debian-lts-announce] 20221231 [SECURITY] [DLA 3254-1] exuberant-ctags security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.