oss-sec mailing list archives
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme
From: Adam Maris <amaris () redhat com>
Date: Thu, 16 Mar 2017 10:31:17 +0100
On Wed, 2017-03-15 at 23:47 +0100, Peter Bex wrote:
Hello all, I'd like to request a CVE for an unchecked malloc() argument in CHICKEN Scheme's SRFI-4 vector constructors, when allocating the vector in unmanaged memory. Due to the missing range check, this could result in negative or too small size allocations, which would result in a crash or a buffer overrun, depending on the size. This issue affects all current releases of CHICKEN Scheme, including the latest release, 4.12.0. The official announcement was made here: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.h tml
Hi Peter, oss-security mailing is no longer a place for requesting CVEs. Please, request CVE from MITRE via https://cveform.mitre.org/ or also possibly from DWF project via http://iwantacve.org/ Thanks! Best Regards, -- Adam Mariš, Red Hat Product Security 1CCD 3446 0529 81E3 86AF 2D4C 4869 76E7 BEF0 6BC2
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 15)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)