oss-sec mailing list archives
CVE request for unchecked size argument in malloc() in CHICKEN Scheme
From: Peter Bex <peter () more-magic net>
Date: Wed, 15 Mar 2017 23:47:49 +0100
Hello all, I'd like to request a CVE for an unchecked malloc() argument in CHICKEN Scheme's SRFI-4 vector constructors, when allocating the vector in unmanaged memory. Due to the missing range check, this could result in negative or too small size allocations, which would result in a crash or a buffer overrun, depending on the size. This issue affects all current releases of CHICKEN Scheme, including the latest release, 4.12.0. The official announcement was made here: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html Cheers, Peter Bex
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 15)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)