oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference

From: Peter Bex <peter () more-magic net>
Date: Thu, 1 Jun 2017 09:23:13 +0200
Hi all,

I just received my assignment of CVE-2017-9334 for this issue:

An incorrect "pair?" check in the Scheme "length" procedure results in                                                  
                
an unsafe pointer dereference in all CHICKEN Scheme versions prior to                                                   
                
4.13, which allows an attacker to cause a denial of service by passing                                                  
                
an improper list to an application that calls "length" on it.                                                           
                

Original announcement:
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html

Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

Cheers,
Peter

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: