Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Mar 2017 10:31:17 +0100
From: Adam Maris <amaris@...hat.com>
To: oss-security@...ts.openwall.com
Cc: peter@...e-magic.net
Subject: Re: CVE request for unchecked size argument in
 malloc() in CHICKEN Scheme

On Wed, 2017-03-15 at 23:47 +0100, Peter Bex wrote:
> Hello all,
> 
> I'd like to request a CVE for an unchecked malloc() argument in
> CHICKEN Scheme's SRFI-4 vector constructors, when allocating the
> vector in unmanaged memory.  Due to the missing range check, this
> could result in negative or too small size allocations, which would
> result in a crash or a buffer overrun, depending on the size.
> 
> This issue affects all current releases of CHICKEN Scheme, including
> the latest release, 4.12.0.
> 
> The official announcement was made here:
> http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.h
> tml
> 
> 

Hi Peter,

oss-security mailing is no longer a place for requesting CVEs. Please,
request CVE from MITRE via https://cveform.mitre.org/ or also possibly
from DWF project via http://iwantacve.org/

Thanks!

Best Regards,

-- 
Adam Mariš, Red Hat Product Security
1CCD 3446 0529 81E3 86AF  2D4C 4869 76E7 BEF0 6BC2 
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ