Date: Wed, 15 Mar 2017 23:47:49 +0100 From: Peter Bex <peter@...e-magic.net> To: Open Source Security <oss-security@...ts.openwall.com> Subject: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Hello all, I'd like to request a CVE for an unchecked malloc() argument in CHICKEN Scheme's SRFI-4 vector constructors, when allocating the vector in unmanaged memory. Due to the missing range check, this could result in negative or too small size allocations, which would result in a crash or a buffer overrun, depending on the size. This issue affects all current releases of CHICKEN Scheme, including the latest release, 4.12.0. The official announcement was made here: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html Cheers, Peter Bex [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ