Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 1 Jun 2017 09:23:13 +0200
From: Peter Bex <peter@...e-magic.net>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid
 pointer dereference

Hi all,

I just received my assignment of CVE-2017-9334 for this issue:

An incorrect "pair?" check in the Scheme "length" procedure results in                                                                  
an unsafe pointer dereference in all CHICKEN Scheme versions prior to                                                                   
4.13, which allows an attacker to cause a denial of service by passing                                                                  
an improper list to an application that calls "length" on it.                                                                           

Original announcement:
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html

Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

Cheers,
Peter

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ