Date: Thu, 16 Mar 2017 17:34:21 +0100
From: Peter Bex <peter@...e-magic.net>
To: oss-security@...ts.openwall.com
Cc: Adam Maris <amaris@...hat.com>
Subject: Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme

On Thu, Mar 16, 2017 at 01:17:13PM +0100, Peter Korsgaard wrote:
> >>>>> "Peter" == Peter Bex <peter@...e-magic.net> writes:
> 
>  > On Thu, Mar 16, 2017 at 10:31:17AM +0100, Adam Maris wrote:
>  >> Hi Peter,
>  >> 
>  >> oss-security mailing is no longer a place for requesting CVEs. Please,
>  >> request CVE from MITRE via https://cveform.mitre.org/ or also possibly
>  >> from DWF project via http://iwantacve.org/
> 
>  > Oh yeah, I forgot about that.  I've filled out the form, and I hope I've
>  > done this correctly.
> 
> Please don't forget to forward the form details to this list once a CVE
> has been assigned. Thanks.

This was assigned CVE-2017-6949.  The form details were in my original
mail, but I'll include them here again, though I must say fiddling around
with e-mail to forward it is much much more inconvenient than how it used
to work:

> [Suggested description]
> An issue was discovered in CHICKEN Scheme through 4.12.0.
> When using a nonstandard CHICKEN-specific extension to allocate an
> SRFI-4 vector in unmanaged memory, the vector size would be used in
> unsanitised form as an argument to malloc(). With an unexpected size,
> the impact may have been a segfault or buffer overflow.
> 
> ------------------------------------------
> 
> [Vulnerability Type]
> Buffer Overflow
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> Affected: All versions up to and including 4.12.0.  No fixed versions released yet
> 
> ------------------------------------------
> 
> [Affected Component]
> All SRFI-4 vector constructor functions in CHICKEN Scheme
> 
> ------------------------------------------
> 
> [Attack Type]
> Context-dependent
> 
> ------------------------------------------
> 
> [Impact Code execution]
> true
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> When using a nonstandard CHICKEN-specific extension to allocate a
> SRFI-4 vector in unmanaged memory, the vector size would be used in
> unsanitised form as argument to malloc().
> 
> ------------------------------------------
> 
> [Reference]
> http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
> 
> ------------------------------------------
> 
> [Discoverer]
> Lemonboy

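The bug class described in the form above, a vector size passed to malloc() without validation, can be closed with three checks before and after the allocation. The following C sketch is an added example, not CHICKEN's code or its fix; the `numvec` type, the status codes and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical typed-vector header; all names are assumptions for illustration. */
typedef struct { size_t count; size_t elem_size; unsigned char *data; } numvec;
enum numvec_status { NUMVEC_OK, NUMVEC_BAD_COUNT, NUMVEC_TOO_LARGE, NUMVEC_NO_MEMORY };

/* Allocate a zero-filled vector of `count` elements in unmanaged memory.
 * `count` is signed because it models an integer handed over by a language
 * runtime, where the caller may supply a negative or very large value. */
enum numvec_status numvec_alloc(numvec *out, int64_t count, size_t elem_size)
{
    out->count = 0; out->elem_size = elem_size; out->data = NULL;

    /* 1. A negative count converted to size_t becomes an enormous request. */
    if (count < 0 || elem_size == 0)
        return NUMVEC_BAD_COUNT;

    /* 2. count * elem_size must not wrap: a wrapped product yields a small
     *    buffer that later element writes run past. */
    if ((uint64_t)count > SIZE_MAX / elem_size)
        return NUMVEC_TOO_LARGE;
    size_t bytes = (size_t)count * elem_size;

    /* 3. malloc() can fail, and an unchecked NULL is dereferenced on first use.
     *    malloc(0) may legally return NULL, so request at least one byte. */
    unsigned char *p = malloc(bytes ? bytes : 1);
    if (p == NULL)
        return NUMVEC_NO_MEMORY;

    memset(p, 0, bytes);
    out->count = (size_t)count;
    out->data = p;
    return NUMVEC_OK;
}

void numvec_free(numvec *v) { free(v->data); v->data = NULL; v->count = 0; }

int main(void)
{
    /* Constructed inputs: negative, overflowing and ordinary element counts. */
    int64_t counts[] = { -1, INT64_MAX, 16 };
    for (int i = 0; i < 3; i++) {
        numvec v;
        int st = (int)numvec_alloc(&v, counts[i], 8);
        printf("count=%lld status=%d\n", (long long)counts[i], st);
        numvec_free(&v);
    }
    return 0;
}
```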
