This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2863 advisory.

    [5.8-23]
    - CVE-2022-4515, arbitrary code execution issue       Resolves: rhbz#2153787

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5820-1 advisory.

    Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag

    filename command-line argument. A crafted tag filename specified

    in the command line or in the configuration file could result in

    arbitrary command execution.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ctags installed on the remote host is prior to 5.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2343 advisory.

    A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3254 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0224-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0225-1 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ctags installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4515 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2863 advisory.

  - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag     filename. A crafted tag filename specified in the command line or in the configuration file results in     arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an     unsafe way. (CVE-2022-4515)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2863 advisory.

    Ctags is a C programming language indexing and cross-reference tool.

    Security Fix(es):

    * ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
196120	RHEL 6 : ctags (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	5/11/2024	5/31/2024	high
176309	Oracle Linux 8 : ctags (ELSA-2023-2863)	Nessus	Oracle Linux Local Security Checks	5/24/2023	10/22/2024	high
170473	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : exuberant-ctags vulnerability (USN-5820-1)	Nessus	Ubuntu Local Security Checks	1/24/2023	8/27/2024	high
185785	Amazon Linux 2 : ctags (ALAS-2023-2343)	Nessus	Amazon Linux Local Security Checks	11/15/2023	12/11/2024	high
196097	RHEL 7 : ctags (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	5/11/2024	5/31/2024	high
176178	AlmaLinux 8 : ctags (ALSA-2023:2863)	Nessus	Alma Linux Local Security Checks	5/21/2023	5/21/2023	high
169439	Debian DLA-3254-1 : exuberant-ctags - LTS security update	Nessus	Debian Local Security Checks	12/31/2022	9/11/2023	high
170943	SUSE SLES12 Security Update : ctags (SUSE-SU-2023:0224-1)	Nessus	SuSE Local Security Checks	2/2/2023	7/14/2023	high
170945	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ctags (SUSE-SU-2023:0225-1)	Nessus	SuSE Local Security Checks	2/2/2023	7/14/2023	high
172947	CBL Mariner 2.0 Security Update: ctags (CVE-2022-4515)	Nessus	MarinerOS Local Security Checks	3/20/2023	8/29/2023	high
175886	CentOS 8 : ctags (CESA-2023:2863)	Nessus	CentOS Local Security Checks	5/16/2023	5/16/2023	high
175903	RHEL 8 : ctags (RHSA-2023:2863)	Nessus	Red Hat Local Security Checks	5/17/2023	11/7/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

high

high