A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The version of ctags installed on the remote host is prior to 5.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2343 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2863 advisory.

  - ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ctags installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4515 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0225-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0224-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5820-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3254 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
196120	RHEL 6 : ctags (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196097	RHEL 7 : ctags (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
185785	Amazon Linux 2 : ctags (ALAS-2023-2343)	Nessus	Amazon Linux Local Security Checks	high
176309	Oracle Linux 8 : ctags (ELSA-2023-2863)	Nessus	Oracle Linux Local Security Checks	high
176178	AlmaLinux 8 : ctags (ALSA-2023:2863)	Nessus	Alma Linux Local Security Checks	high
175903	RHEL 8 : ctags (RHSA-2023:2863)	Nessus	Red Hat Local Security Checks	high
175886	CentOS 8 : ctags (CESA-2023:2863)	Nessus	CentOS Local Security Checks	high
172947	CBL Mariner 2.0 Security Update: ctags (CVE-2022-4515)	Nessus	MarinerOS Local Security Checks	high
170945	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ctags (SUSE-SU-2023:0225-1)	Nessus	SuSE Local Security Checks	high
170943	SUSE SLES12 Security Update : ctags (SUSE-SU-2023:0224-1)	Nessus	SuSE Local Security Checks	high
170473	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : exuberant-ctags vulnerability (USN-5820-1)	Nessus	Ubuntu Local Security Checks	high
169439	Debian DLA-3254-1 : exuberant-ctags - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-4515

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high