Date: Mon, 17 Apr 2017 10:35:51 -0700 From: Kenton Varda <kenton@...udflare.com> To: Tom Lee <debian@...lee.co>, oss-security@...ts.openwall.com Subject: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Whoops, apparently I'm supposed to use the web form now. Sorry! -Kenton On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com> wrote: > Hi oss-security and cve-assign, > > Can you assign a CVE for the following issue? > > Full details and fix covered here: https://github.com/sandstorm-i > o/capnproto/blob/master/security-advisories/2017-04-17-0- > apple-clang-elides-bounds-check.md > > > Discovered by Kenton Varda > > > Some bounds checks are elided by Apple's compiler and possibly others, > leading to a possible attack especially in 32-bit builds. > > > Although triggered by a compiler optimization, this is a bug in Cap'n > Proto, not the compiler. > > Thanks, > -Kenton >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.