oss-sec mailing list archives
Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme
From: Peter Bex <peter () more-magic net>
Date: Thu, 16 Mar 2017 17:34:21 +0100
On Thu, Mar 16, 2017 at 01:17:13PM +0100, Peter Korsgaard wrote:
> "Peter" == Peter Bex <peter () more-magic net> writes:
>
> > On Thu, Mar 16, 2017 at 10:31:17AM +0100, Adam Maris wrote:
> >> Hi Peter,
> >>
> >> oss-security mailing is no longer a place for requesting CVEs. Please,
> >> request CVE from MITRE via https://cveform.mitre.org/ or also possibly
> >> from DWF project via http://iwantacve.org/
>
> > Oh yeah, I forgot about that. I've filled out the form, and I hope I've
> > done this correctly.
>
> Please don't forget to forward the form details to this list once a CVE
> has been assigned. Thanks.

This was assigned CVE-2017-6949. The form details were in my original mail, but I'll include them here again, though I must say fiddling around with e-mail to forward it is much much more inconvenient than how it used to work:

[Suggested description]
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.

------------------------------------------

[Vulnerability Type]
Buffer Overflow

------------------------------------------

[Affected Product Code Base]
Affected: All versions up to and including 4.12.0. No fixed versions released yet

------------------------------------------

[Affected Component]
All SRFI-4 vector constructor functions in CHICKEN Scheme

------------------------------------------

[Attack Type]
Context-dependent

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
When using a nonstandard CHICKEN-specific extension to allocate a SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as argument to malloc().

------------------------------------------

[Reference]
http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Lemonboy
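
The bug class named in the form above, as an added C example that is not part of the original mail and is not CHICKEN's code: a caller-supplied vector length reaching malloc() without validation, beside a constructor that rejects such lengths. The `f64vec` type, the function names and the assumption that the length is scaled by the element width before allocation are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical typed vector in malloc()ed (unmanaged) memory; not CHICKEN's layout. */
typedef struct {
    size_t  len;   /* element count the rest of the program will trust */
    double *data;  /* backing store, len * sizeof(double) bytes */
} f64vec;

/* Byte count an unchecked constructor would pass to malloc(). The signed
 * length is converted and multiplied with no validation, so the result
 * wraps modulo SIZE_MAX + 1 (unsigned wrap-around is defined behaviour). */
size_t unchecked_bytes(int64_t len) {
    return (size_t)len * sizeof(double);
}

/* Checked constructor: returns NULL for a negative length, for a length whose
 * byte count does not fit in size_t, and when malloc() itself fails. */
f64vec *f64vec_alloc_checked(int64_t len) {
    if (len < 0)
        return NULL;
    if ((uint64_t)len > SIZE_MAX / sizeof(double))
        return NULL;
    f64vec *v = malloc(sizeof *v);
    if (v == NULL)
        return NULL;
    size_t bytes = (size_t)len * sizeof(double);
    v->data = malloc(bytes ? bytes : 1);  /* avoid implementation-defined malloc(0) */
    if (v->data == NULL) {
        free(v);
        return NULL;
    }
    memset(v->data, 0, bytes);
    v->len = (size_t)len;
    return v;
}

void f64vec_free(f64vec *v) { if (v != NULL) { free(v->data); free(v); } }

int main(void) {
    int64_t wrap = (int64_t)(SIZE_MAX / sizeof(double)) + 1;  /* constructed input */
    f64vec *v = f64vec_alloc_checked(wrap);
    printf("unchecked malloc size: %zu, checked constructor: %s\n",
           unchecked_bytes(wrap), v ? "allocated" : "rejected");
    f64vec_free(v);
    return 0;
}
```

With the constructed length, the unchecked byte count wraps to 0, so an allocation would succeed while the recorded length claims far more elements than the buffer holds.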