Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> memcmp() on
> each index of the string being searched in, with a length of the source
> string in the alist map argument, which caused it to read beyond the bounds
> of the searched string.
>
> This bug affects all released versions of CHICKEN prior to 4.10.0.

> http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html

> http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html

> http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/txtHKRTbJy12t.txt

> string-translate* would scan from every position in the target string
> for each source string in the map, even if that would mean scanning
> past the end.  The out-of-bounds read would be limited to the size of
> the overlapping prefix in the trailing garbage beyond the string

Use CVE-2015-4556 for this out-of-bounds read issue.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVfrY3AAoJEKllVAevmvmsXzAH/0XNvsyezFpaTOFDrkLLXM6P
q9OrHbLljpyFVIYHV4zHmYbdtaGkIGdmpZVeM9Llz+CFFihnaApoC8r41aVdrNOi
BO1TC9FGM4LiV35GRgoi2Y6Rjg5yXyC5aWXjqqrfvFNcrR8x3N2ewGLufCC8L6zU
3a5UQdNaayL040SLLnYwNKi7obDRCCohlS+z4t9EDWalByTIvn+lU/fcjtDCvWf2
MK+1rtGaOgc3sdPmJ2KSE3DpLHhz2Lh3s+SXIsq80ajVk4u9m2VQjxojbNkh1U3Y
FAlbmurg25TcTAAdrjTxs6yHwvji5dLM17neLDbpjBwIBREqyx0V08pygiLEYUo=
=aPMM
-----END PGP SIGNATURE-----