oss-sec mailing list archives

CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures


From: Peter Bex <peter () more-magic net>
Date: Sun, 14 Aug 2016 12:50:11 +0200

Hello all,

I would like to request a CVE for a buffer overrun that
was detected in CHICKEN Scheme's "process-execute" and
"process-spawn" procedures from the posix unit.

CHICKEN preallocated an argument array of ARG_MAX items (or 256 if
that was undefined), and an environment array of ENV_MAX items
(or 1024 if that was undefined), and did not verify that the arguments
or environment lists were less than this size, resulting in a buffer
overrun if these lists were longer.

The full announcement can be found here:
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html

The bugfix also fixed a memory leak in the same piece of code, which
could potentially be used to cause a resource exhaustion/denial of
service situation. Does this warrant another CVE?

The bug affects all releases of CHICKEN up to and including 4.11.

Cheers,
Peter Bex
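
The bug class described in the message above, shown from the defensive side as an added example (not CHICKEN's code and not the project's actual fix): the argument or environment vector is sized from the list itself, over-long lists are rejected, and the error path frees what was already copied. The helper names and the `max_items` policy limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper names; this is not CHICKEN's code or its fix. */

/* Free a NULL-terminated vector, including a partially filled one. */
void free_exec_vector(char **vec)
{
    if (vec == NULL) return;
    for (char **p = vec; *p != NULL; p++) free(*p);
    free(vec);
}

/* Copy `count` strings into a new NULL-terminated vector for an
 * execve()-style call. The vector is sized from the list, never from a
 * compile-time constant, and lists above `max_items` (assumed caller
 * policy) are rejected. Returns NULL on any failure, leaking nothing. */
char **build_exec_vector(const char *const *items, size_t count,
                         size_t max_items)
{
    if (count > max_items || count > SIZE_MAX / sizeof(char *) - 1)
        return NULL;                      /* refuse instead of overrunning */
    char **vec = calloc(count + 1, sizeof *vec);  /* +1 for terminator */
    if (vec == NULL) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = items[i] ? strlen(items[i]) + 1 : 0;
        if (len != 0) vec[i] = malloc(len);
        if (vec[i] == NULL) {             /* bad item or out of memory */
            free_exec_vector(vec);        /* release what was copied */
            return NULL;
        }
        memcpy(vec[i], items[i], len);
    }
    return vec;
}

int main(void)
{
    const char *args[300];                /* constructed: longer than 256 */
    for (size_t i = 0; i < 300; i++) args[i] = "arg";
    char **vec = build_exec_vector(args, 300, 4096);
    printf("300 items, limit 4096: %s\n", vec ? "built" : "rejected");
    free_exec_vector(vec);
    vec = build_exec_vector(args, 300, 256);
    printf("300 items, limit 256: %s\n", vec ? "built" : "rejected");
    free_exec_vector(vec);
    return 0;
}
```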
