oss-sec mailing list archives
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme
From: "Don A. Bailey" <donb () securitymouse com>
Date: Wed, 15 Mar 2017 17:03:18 -0600
I find this extremely amusing. https://www.securitymouse.com/lms-2014-06-23-7 D
On Mar 15, 2017, at 4:47 PM, Peter Bex <peter () more-magic net> wrote: Hello all, I'd like to request a CVE for an unchecked malloc() argument in CHICKEN Scheme's SRFI-4 vector constructors, when allocating the vector in unmanaged memory. Due to the missing range check, this could result in negative or too small size allocations, which would result in a crash or a buffer overrun, depending on the size. This issue affects all current releases of CHICKEN Scheme, including the latest release, 4.12.0. The official announcement was made here: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html Cheers, Peter Bex
Current thread:
- CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 15)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)