Date: Mon, 15 Jun 2015 09:39:37 +0200 From: Peter Bex <peter@...e-magic.net> To: Open Source Security <oss-security@...ts.openwall.com> Subject: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure Hello, I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's string-translate* procedure, which is similar to CVE-2014-9651, but is a separate issue. The internals of this procedure would invoke memcmp() on each index of the string being searched in, with a length of the source string in the alist map argument, which caused it to read beyond the bounds of the searched string. This bug affects all released versions of CHICKEN prior to 4.10.0. There are no known workarounds at this time. The original announcement can be found here, including a link to the patch: http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html Cheers, Peter Bex Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ