Date: Mon, 19 May 2014 03:08:56 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request for buffer overrun in CHICKEN Scheme

> I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme
> which is very similar to CVE-2013-4385.  It affects a very particular,
> not very common use of the read-u8vector! procedure.  If given a buffer
> and #f (the Scheme value for "false") as the buffer's size (which should
> trigger automatic size detection but doesn't), it will read beyond the
> buffer, until the input port (file, socket, etc) is exhausted.  This may
> result in the typical potential remote code execution or denial of
> service

Use CVE-2014-3776 for this "should trigger automatic size detection
but doesn't" issue that has a resultant buffer overflow.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
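The bug class described in the quoted request, as an added example in C that is not part of the original message and is not CHICKEN's code: an omitted count must be resolved to the room left in the destination before the read, otherwise the only stop condition is exhaustion of the input port. The `NO_COUNT` sentinel (standing in for `#f`), the `port` struct, all function names and the 64-byte input are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model, not CHICKEN source. NO_COUNT stands in for Scheme's #f. */
#define NO_COUNT ((size_t)-1)

struct port { const unsigned char *data; size_t len, pos; }; /* in-memory input port */

/* Flawed logic, count only (nothing is written): with the sentinel left
   unresolved, the only stop condition is exhaustion of the port. */
size_t unchecked_count(const struct port *p, size_t requested)
{
    size_t avail = p->len - p->pos;
    return (requested == NO_COUNT || requested > avail) ? avail : requested;
}

/* Hardened logic: resolve the sentinel to the room left in the destination
   and clamp any explicit count to it before looking at the port. */
size_t checked_count(const struct port *p, size_t requested, size_t start, size_t cap)
{
    size_t room = start < cap ? cap - start : 0;
    size_t n = (requested == NO_COUNT || requested > room) ? room : requested;
    size_t avail = p->len - p->pos;
    return n < avail ? n : avail;
}

/* Read into dst[start..cap) using the hardened count; returns bytes stored. */
size_t read_into(struct port *p, unsigned char *dst, size_t cap,
                 size_t requested, size_t start)
{
    size_t n = checked_count(p, requested, start, cap);
    if (n > 0)
        memcpy(dst + start, p->data + p->pos, n);
    p->pos += n;
    return n;
}

/* Constructed scenario: 64 bytes of input, 8-byte destination, no count given.
   Returns bytes stored by the hardened read (hardened != 0), or the number of
   bytes the flawed logic would have tried to store. */
size_t demo(int hardened)
{
    static const unsigned char input[64] = {0};
    unsigned char dst[8];
    struct port p = { input, sizeof input, 0 };
    return hardened ? read_into(&p, dst, sizeof dst, NO_COUNT, 0)
                    : unchecked_count(&p, NO_COUNT);
}
```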
