Date: Thu, 16 Mar 2017 10:31:17 +0100 From: Adam Maris <amaris@...hat.com> To: oss-security@...ts.openwall.com Cc: peter@...e-magic.net Subject: Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme On Wed, 2017-03-15 at 23:47 +0100, Peter Bex wrote: > Hello all, > > I'd like to request a CVE for an unchecked malloc() argument in > CHICKEN Scheme's SRFI-4 vector constructors, when allocating the > vector in unmanaged memory. Due to the missing range check, this > could result in negative or too small size allocations, which would > result in a crash or a buffer overrun, depending on the size. > > This issue affects all current releases of CHICKEN Scheme, including > the latest release, 4.12.0. > > The official announcement was made here: > http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.h > tml > > Hi Peter, oss-security mailing is no longer a place for requesting CVEs. Please, request CVE from MITRE via https://cveform.mitre.org/ or also possibly from DWF project via http://iwantacve.org/ Thanks! Best Regards, -- Adam Mariš, Red Hat Product Security 1CCD 3446 0529 81E3 86AF 2D4C 4869 76E7 BEF0 6BC2 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ