Date: Mon, 17 Jul 2017 08:51:29 +0200 From: Peter Bex <peter@...e-magic.net> To: Open Source Security <oss-security@...ts.openwall.com> Subject: CVE-2017-11343 CHICKEN Scheme: algorithmic complexity attack in hash tables Hi all, I just received the CVE-2017-11343 assignment for an issue in CHICKEN Scheme. An attacker is able to cause O(n) lookup for hash tables by predicting the buckets in which interned symbols will end up, due to a partially incorrect fix for CVE-2012-6125 where the randomization factor was determined before initializing the PRNG with a seed state. This issue affects only the Scheme symbol table, not user-created hash tables. All CHICKEN releases up to and including 4.12.0 are affected. More info: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html Cheers, Peter Bex Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ