Date: Thu, 1 Jun 2017 09:23:13 +0200 From: Peter Bex <peter@...e-magic.net> To: Open Source Security <oss-security@...ts.openwall.com> Subject: CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference Hi all, I just received my assignment of CVE-2017-9334 for this issue: An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html Cheers, Peter [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ