Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overr

chicken-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overr

From:	Peter Bex
Subject:	Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*
Date:	Mon, 15 Jun 2015 13:43:28 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

On Mon, Jun 15, 2015 at 08:41:15AM +0200, Peter Bex wrote:
> Hello CHICKEN users,
> 
> Using gcc's Address Sanitizer, it was discovered that the string-translate*
> procedure from the data-structures unit can scan beyond the input string's
> length up to the length of the source strings in the map that's passed to
> string-translate*.  This issue was fixed in master 8a46020, and it will
> make its way into CHICKEN 4.10.
> 
> This bug is present in all released versions of CHICKEN.
> 
> There is no known workaround, except applying the patch posted in the
> following chicken-hackers thread:
> http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html

This bug has been assigned CVE-2015-4556.

Kind regards,
The CHICKEN Team

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-users] [SECURITY] Potential buffer overrun in string-translate*, Peter Bex, 2015/06/15
- Re: [Chicken-users] [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*, Peter Bex <=

Prev by Date: [Chicken-users] SWIG support
Next by Date: Re: [Chicken-users] [Chicken-announce] CHICKEN 4.10.0 release candidate 1 available
Previous by thread: [Chicken-users] [SECURITY] Potential buffer overrun in string-translate*
Next by thread: [Chicken-users] SWIG support
Index(es):
- Date
- Thread