Date: Mon, 17 Apr 2017 10:35:51 -0700
From: Kenton Varda <kenton@...udflare.com>
To: Tom Lee <debian@...lee.co>, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization

Whoops, apparently I'm supposed to use the web form now. Sorry!

-Kenton

On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com> wrote:

> Hi oss-security and cve-assign,
>
> Can you assign a CVE for the following issue?
>
> Full details and fix covered here: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> Discovered by Kenton Varda
>
> Some bounds checks are elided by Apple's compiler and possibly others,
> leading to a possible attack especially in 32-bit builds.
>
> Although triggered by a compiler optimization, this is a bug in Cap'n
> Proto, not the compiler.
>
> Thanks,
> -Kenton