Date: Mon, 19 May 2014 03:08:56 -0400 (EDT) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request for buffer overrun in CHICKEN Scheme -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme > which is very similar to CVE-2013-4385. It affects a very particular, > not very common use of the read-u8vector! procedure. If given a buffer > and #f (the Scheme value for "false") as the buffer's size (which should > trigger automatic size detection but doesn't), it will read beyond the > buffer, until the input port (file, socket, etc) is exhausted. This may > result in the typical potential remote code execution or denial of > service Use CVE-2014-3776 for this "should trigger automatic size detection but doesn't" issue that has a resultant buffer overflow. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTea2nAAoJEKllVAevmvmsDLcIAJdrjm3SKzzVZNSil/uS5O8R L4AisRKJlVBvsCG3QcYeabzo8EbmLLDFqOlmISAi/MPhU0mX1ShXJ4luENfHxCBp FrHjXnnpS3oppIbSdcl5o3at1PnVGJevSNVHnMBK4Ou3qgnMlwWJWD8n5GC3/YaH YaHyFUvaObvuEMaFBIZw6wBMk5+dIerW6ElMh8GvBkWecqovKdDC+YsrH0tnYDUN K3ICeWx8LY7M1eeIdfvhbCHhOYamogJ4ws/V4rbG+5kzeHwSFhRSxAUNIUU1WbZV 1k45rmStE35kIFFxzmTH/dAuLk7Fn3B3+vbSDvCsyhFwhSYOLb01wuG+UYnSlAs= =sBKu -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ