Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Jun 2015 09:39:37 +0200
From: Peter Bex <peter@...e-magic.net>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE request for buffer overrun in CHICKEN Scheme's string-translate*
 procedure

Hello,

I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's
string-translate* procedure, which is similar to CVE-2014-9651, but is a
separate issue.  The internals of this procedure would invoke memcmp() on
each index of the string being searched in, with a length of the source
string in the alist map argument, which caused it to read beyond the bounds
of the searched string.

This bug affects all released versions of CHICKEN prior to 4.10.0.  There
are no known workarounds at this time.

The original announcement can be found here, including a link to the patch:
http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html

Cheers,
Peter Bex

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.