Project

General

Profile

Bug #7402

Bug #7401: chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)

[3.7] chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)

Added by Alicha CH about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
06/09/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:

Description

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13,
which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

Fixed In Version:

chicken 4.13

http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334

Patch:

http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt

Associated revisions

Revision 2b37087c (diff)
Added by Leonardo Arena about 1 year ago

community/chicken: security fixes #7402 (CVE-2017-9334)

History

#1 Updated by Anonymous about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 1 year ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF