Date: Mon, 15 Jun 2015 09:39:37 +0200
From: Peter Bex <peter@...e-magic.net>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure

Hello,

I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's
string-translate* procedure, which is similar to CVE-2014-9651, but is a
separate issue.  The internals of this procedure would invoke memcmp() on
each index of the string being searched in, with a length of the source
string in the alist map argument, which caused it to read beyond the bounds
of the searched string.

This bug affects all released versions of CHICKEN prior to 4.10.0.  There
are no known workarounds at this time.

The original announcement can be found here, including a link to the patch:
http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html

Cheers,
Peter Bex
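
The over-read pattern described in the message above, shown beside a bounds-checked form. This is an added C example, not CHICKEN's source and not part of the original post; the function names and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Flawed pattern from the report: compare from_len bytes at every index
   without checking that they fit inside the searched string. */
static int match_at_unchecked(const char *s, size_t slen, size_t i,
                              const char *from, size_t from_len)
{
    (void)slen;                       /* the string length is never consulted */
    return memcmp(s + i, from, from_len) == 0;
}

/* Checked form: refuse to compare when fewer than from_len bytes remain. */
static int match_at(const char *s, size_t slen, size_t i,
                    const char *from, size_t from_len)
{
    if (i > slen || from_len > slen - i)
        return 0;
    return memcmp(s + i, from, from_len) == 0;
}

/* Count positions in the length-counted string s[0..slen) where from matches. */
static size_t count_matches(const char *s, size_t slen,
                            const char *from, size_t from_len, int checked)
{
    size_t n = 0;
    for (size_t i = 0; i < slen; i++)
        n += checked ? match_at(s, slen, i, from, from_len)
                     : match_at_unchecked(s, slen, i, from, from_len);
    return n;
}

/* Constructed sample: the 4-byte string "abcX" sits inside a larger buffer,
   so the bytes after it stand in for adjacent memory and the unchecked
   read stays inside this array (no undefined behaviour in the demo). */
static const char demo_buf[] = "abcXYZ........";
#define DEMO_LEN 4

int main(void)
{
    size_t bad  = count_matches(demo_buf, DEMO_LEN, "XYZ", 3, 0);
    size_t good = count_matches(demo_buf, DEMO_LEN, "XYZ", 3, 1);
    return !(bad == 1 && good == 0);  /* unchecked "finds" a match past the end */
}
```

The unchecked variant reports a match that depends on bytes outside the string, which is how an out-of-bounds read of this kind can change program output as well as touch memory it should not.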
