Date: Thu, 26 Sep 2013 23:27:01 +0200 From: Peter Bex <Peter.Bex@...all.nl> To: Open Source Security <oss-security@...ts.openwall.com> Subject: Buffer overrun vulnerability in CHICKEN Scheme Hi all, I'd like to request a CVE for a recently discovered vulnerability in CHICKEN Scheme. It affects a very particular, not very common use of the read-string! procedure. If given a buffer and #f (the Scheme value for "false") as the buffer's size (which should trigger automatic size detection but doesn't), it will read beyond the buffer, until the input port (file, socket, etc) is exhausted. This may result in the typical potential remote code execution or denial of service; in CHICKEN, these buffers are initially allocated on the stack and moved to the heap upon GC. In normal usage, users would usually pass in the buffer's size. This is also the workaround for this bug. For the official announcement, see http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html The discussion thread's final accepted patch is at http://lists.nongnu.org/archive/html/chicken-hackers/2013-09/msg00009.html which got applied as http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26 All versions of CHICKEN prior to 18.104.22.168 and 4.8.3 (not yet released) are affected. Cheers, Peter Bex -- http://www.more-magic.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.