Date: Mon, 17 Apr 2017 10:35:51 -0700
From: Kenton Varda <kenton@...udflare.com>
To: Tom Lee <debian@...lee.co>, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization

Whoops, apparently I'm supposed to use the web form now. Sorry!

-Kenton

On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com>
wrote:

> Hi oss-security and cve-assign,
>
> Can you assign a CVE for the following issue?
>
> Full details and fix covered here: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> > Discovered by Kenton Varda
>
> > Some bounds checks are elided by Apple's compiler and possibly others,
> > leading to a possible attack especially in 32-bit builds.
>
> > Although triggered by a compiler optimization, this is a bug in Cap'n
> > Proto, not the compiler.
>
> Thanks,
> -Kenton
>
