oss-sec mailing list archives
CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure
From: Peter Bex <peter () more-magic net>
Date: Mon, 15 Jun 2015 09:39:37 +0200
Hello,

I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's string-translate* procedure, which is similar to CVE-2014-9651, but is a separate issue.

The internals of this procedure would invoke memcmp() on each index of the string being searched in, with a length of the source string in the alist map argument, which caused it to read beyond the bounds of the searched string.

This bug affects all released versions of CHICKEN prior to 4.10.0. There are no known workarounds at this time.

The original announcement can be found here, including a link to the patch:
http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html

Cheers,
Peter Bex
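A simplified C model of the comparison described in the message above, added here as an illustration: it is not CHICKEN's source or the referenced patch. The names `struct pair`, `match_unchecked`, `match_checked` and `translate` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one (from . to) entry of the alist map. */
struct pair { const char *from; const char *to; };

/* Pattern from the report: from_len bytes are compared at every index i,
 * so near the end of s memcmp() reads past the end of the buffer. */
int match_unchecked(const char *s, size_t i, const char *from, size_t from_len) {
    return memcmp(s + i, from, from_len) == 0;
}

/* Bounded form: compare only when from_len bytes remain at index i. */
int match_checked(const char *s, size_t s_len, size_t i,
                  const char *from, size_t from_len) {
    if (i > s_len || from_len == 0 || from_len > s_len - i) return 0;
    return memcmp(s + i, from, from_len) == 0;
}

/* Translate s (length s_len, need not be NUL-terminated) into out.
 * Returns the output length, or -1 if out_cap is too small. */
long translate(const char *s, size_t s_len, const struct pair *map,
               size_t n_map, char *out, size_t out_cap) {
    size_t i = 0, o = 0;
    while (i < s_len) {
        const char *src = s + i;          /* default: copy one byte through */
        size_t k, step = 1, to_len = 1;
        for (k = 0; k < n_map; k++) {
            size_t fl = strlen(map[k].from);
            if (match_checked(s, s_len, i, map[k].from, fl)) {
                src = map[k].to; to_len = strlen(src); step = fl;
                break;
            }
        }
        if (to_len > out_cap - o) return -1;
        memcpy(out + o, src, to_len);
        o += to_len; i += step;
    }
    return (long)o;
}

int main(void) {
    const char s[5] = {'a', 'b', 'c', 'a', 'b'};   /* constructed input */
    const struct pair map[] = {{"abc", "X"}, {"b", "YY"}};
    char out[16];
    long n = translate(s, sizeof s, map, 2, out, sizeof out);
    printf("%.*s unchecked@0=%d checked@3=%d\n", (int)n, out,
           match_unchecked(s, 0, "abc", 3), match_checked(s, sizeof s, 3, "abc", 3));
    return 0;
}
```

At index 3 only two bytes remain, so `match_unchecked` with a three-byte source string would read one byte past the buffer; `match_checked` rejects that position before calling `memcmp()`.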