oss-sec mailing list archives

Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures

From: cve-assign () mitre org
Date: Wed, 17 Aug 2016 23:30:14 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html

I would like to request a CVE for a buffer overrun that
was detected in CHICKEN Scheme's "process-execute" and
"process-spawn" procedures from the posix unit.

CHICKEN preallocated an argument array of ARG_MAX items (or 256 if
that was undefined), and an environment array of ENV_MAX items
(or 1024 if that was undefined), and did not verify that the arguments
or environment lists were less than this size, resulting in a buffer
overrun if these lists were longer.


Use CVE-2016-6830.

The bugfix also fixed a memory leak in the same piece of code, which
could potentially be used to cause resource exhaustion/denial of
service situation.

a memory leak existed in this code, which would be
triggered when an error is raised during argument and environment
processing (e.g., if one of the arguments wasn't a string).

Does this warrant another CVE?


Yes, use CVE-2016-6831 for the memory leak.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXtSRnAAoJEHb/MwWLVhi21jEQAKZvWLvq/uy2d4j31FTcH3Sx
OjM5j9I+2/szLaexJcEHjQGLUL34NDem+CEizZa1lU2NXKFFlYYXE8CGDGtVyvG9
M21Dxfq6QiSJv6WacORbLawUK6txSfBajOBu+DL36lr+Y6FSejh5zxwg/97E1Z97
J+bpICS96zSUDx21rTVj6a7AT+C48vHsGXdZ214yiui6Grs1UjKEwbyJvYONJnEh
qaUfZwxd1DMrp9mYLbTzC7YoaA8cpK4pa2XMj866Ek9zqd55W+IFrxTg7bapHrRY
elZdeTuXyg4POQ/ZJFUkkRVUZt5Dfa5r2nhG6O6oYxCNIWcjCwNkEH3vy8Fqnstp
60tAC2Plt/F58Or5rcgBMIPckf01rolGj23EOCKihuAqZC8iXyisaTWC80Bzvx9P
9L3RBU4p956GpRvDyMONdq30bGgI5ICtpV6yJUgiuMIR3npoCkZqH8/ONSrxZjdj
jPeikuZNGpzRmDqiKijG8PqXutTlnxNqiZ2sntFIzEgMrRYLtpaEqkXGJBOJiF/v
NiVOPbvlnVNfkbLBj4MjFwhxD10a8Nb+VuIUJaSVAEUszFlpTCiA/cj1t3ZZb5MG
bPumWrj0+22vn+C2V3KVlsevP8co68ggxydx2RYsbJ2gEQ7gkM904HFNkPfk1ZS2
CpJ18WYaF6DGQvTX6wie
=BpnE
-----END PGP SIGNATURE-----

Current thread:

CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures Peter Bex (Aug 14)
- Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures cve-assign (Aug 17)