oss-sec mailing list archives
Re: CVE request for buffer overrun in CHICKEN Scheme
From: cve-assign () mitre org
Date: Mon, 19 May 2014 03:08:56 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme which is very similar to CVE-2013-4385. It affects a very particular, not very common use of the read-u8vector! procedure. If given a buffer and #f (the Scheme value for "false") as the buffer's size (which should trigger automatic size detection but doesn't), it will read beyond the buffer, until the input port (file, socket, etc) is exhausted. This may result in the typical potential remote code execution or denial of service
Use CVE-2014-3776 for this "should trigger automatic size detection but doesn't" issue that has a resultant buffer overflow. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTea2nAAoJEKllVAevmvmsDLcIAJdrjm3SKzzVZNSil/uS5O8R L4AisRKJlVBvsCG3QcYeabzo8EbmLLDFqOlmISAi/MPhU0mX1ShXJ4luENfHxCBp FrHjXnnpS3oppIbSdcl5o3at1PnVGJevSNVHnMBK4Ou3qgnMlwWJWD8n5GC3/YaH YaHyFUvaObvuEMaFBIZw6wBMk5+dIerW6ElMh8GvBkWecqovKdDC+YsrH0tnYDUN K3ICeWx8LY7M1eeIdfvhbCHhOYamogJ4ws/V4rbG+5kzeHwSFhRSxAUNIUU1WbZV 1k45rmStE35kIFFxzmTH/dAuLk7Fn3B3+vbSDvCsyhFwhSYOLb01wuG+UYnSlAs= =sBKu -----END PGP SIGNATURE-----
Current thread:
- CVE request for buffer overrun in CHICKEN Scheme Peter Bex (May 18)
- Re: CVE request for buffer overrun in CHICKEN Scheme cve-assign (May 19)