Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Mar 2017 23:47:49 +0100
From: Peter Bex <>
To: Open Source Security <>
Subject: CVE request for unchecked size argument in malloc() in CHICKEN Scheme

Hello all,

I'd like to request a CVE for an unchecked malloc() argument in
CHICKEN Scheme's SRFI-4 vector constructors, when allocating the
vector in unmanaged memory.  Due to the missing range check, this
could result in negative or too small size allocations, which would
result in a crash or a buffer overrun, depending on the size.

This issue affects all current releases of CHICKEN Scheme, including
the latest release, 4.12.0.

The official announcement was made here:

Peter Bex

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ