Buffer overflow issue in gnuchess

bug-gnu-chess

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overflow issue in gnuchess

From:	Antti Karjalainen
Subject:	Buffer overflow issue in gnuchess
Date:	Thu, 29 Oct 2015 21:56:55 +0200

Hello,

There seems to be a buffer overflow vulnerability in gnuchess version 6.1.1.

I think it's possible there is some remote attack vector via network play, but I haven't studied it further.

The issue can be reproduced like this:

$ gnuchess

GNU Chess 6.1.1

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

White (1) : 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

TimeLimit[0] = 0

TimeLimit[1] = 0

Invalid move: 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

White (1) : 11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

TimeLimit[0] = 0

TimeLimit[1] = 0

*** stack smashing detected ***: gnuchess terminated

[1] 30500 abort (core dumped) gnuchess

BR, Antti Karjalainen

[Prev in Thread]

Current Thread

[Next in Thread]

Buffer overflow issue in gnuchess, Antti Karjalainen <=

Prev by Date: Re: -a doesn't work in gnuchess-6.2.2
Previous by thread: -a doesn't work in gnuchess-6.2.2
Index(es):
- Date
- Thread