{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4515", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:41:45.615Z", "dateReserved": "2022-12-15T00:00:00", "datePublished": "2022-12-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way."}], "affected": [{"vendor": "n/a", "product": "Exuberant Ctags", "versions": [{"version": "All versions are affected", "status": "affected"}]}], "references": [{"url": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56"}, {"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3254-1] exuberant-ctags security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78", "cweId": "CWE-78"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.615Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3254-1] exuberant-ctags security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exuberant_ctags_project:exuberant_ctags:*:*:*:*:*:*:*:*", "matchCriteriaId": "5341B744-3F8E-4AB4-991C-0DDEB973EEED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Exuberant Ctags en la forma en que maneja la opci\u00f3n \"-o\". Esta opci\u00f3n especifica el nombre del archivo de etiqueta. Un nombre de archivo de etiqueta modificado especificado en la l\u00ednea de comando o en el archivo de configuraci\u00f3n da como resultado la ejecuci\u00f3n de un comando arbitrario porque externalSortTags() en sort.c llama a la funci\u00f3n system(3) de manera insegura."}], "id": "CVE-2022-4515", "lastModified": "2023-01-03T17:22:43.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-20T19:15:25.190", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Lorenz Hipp (100% IRDiSCH) and Masatake YAMATO (Red Hat).", "affected_release": [{"advisory": "RHSA-2023:2863", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "ctags-0:5.8-23.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}], "bugzilla": {"description": "ctags: arbitrary command execution via a tag file with a crafted filename", "id": "2153519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153519"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-78", "details": ["A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.", "A flaw was found in Exuberant Ctags in the way it handles the \"-o\" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way."], "mitigation": {"lang": "en:us", "value": "The --options=NONE command line option will disable the automatic reading of any configuration file, including the .ctags configuration file from the current directory. However, this option will prevent ctags of reading the specific configuration provided by a project via a version control system repository."}, "name": "CVE-2022-4515", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ctags", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ctags", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-12-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4515\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4515"], "statement": "Exuberant Ctags is not shipped in Red Hat Enterprise Linux 9, therefore it's not affected.", "threat_severity": "Moderate"}