[3.6] chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)
An incorrect “pair?” check in the Scheme “length” procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls “length” on it.
Fixed In Version:
chicken 4.13
http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334
Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt
(from redmine: issue id 7403, created on 2017-06-09, closed on 2017-06-15)
- Relations:
- parent #7401 (closed)
- Changesets:
- Revision 73556d99 on 2017-06-15T13:51:39Z:
community/chicken: security fixes #7403 (CVE-2017-9334)
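
The issue above comes down to a list-length walk that must confirm a value is a pair before reading its cdr. The following simplified C model is added here as an illustration and is not taken from CHICKEN's runtime or the linked patch: it tag-checks each pointer before dereferencing it, so an improper or circular list yields an error code instead of a bad memory access. The `value` layout, `checked_length`, the error codes and the sample lists are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified tagged-value model, constructed for this example
   (not CHICKEN's object layout or runtime code). */
typedef enum { T_NIL, T_FIXNUM, T_PAIR } tag_t;
typedef struct value {
    tag_t tag;
    long fixnum;              /* meaningful only when tag == T_FIXNUM */
    struct value *car, *cdr;  /* meaningful only when tag == T_PAIR */
} value;
enum { LEN_IMPROPER = -1, LEN_CIRCULAR = -2 };

static int is_nil(const value *v)  { return v != NULL && v->tag == T_NIL; }
static int is_pair(const value *v) { return v != NULL && v->tag == T_PAIR; }

/* Element count of a proper list, or a negative code otherwise.
   The pointer about to be dereferenced (fast) is the one that is checked. */
long checked_length(const value *lst)
{
    const value *slow = lst, *fast = lst;
    long n = 0;
    for (;;) {
        for (int step = 0; step < 2; step++) {  /* fast advances two cells */
            if (is_nil(fast)) return n;
            if (!is_pair(fast)) return LEN_IMPROPER;  /* e.g. (1 1 . 1) */
            fast = fast->cdr;
            n++;
        }
        slow = slow->cdr;  /* safe: fast already validated this cell */
        if (fast == slow) return LEN_CIRCULAR;
    }
}

/* Constructed sample data. */
value nil_v = { T_NIL, 0, NULL, NULL };
value one = { T_FIXNUM, 1, NULL, NULL };
value p3 = { T_PAIR, 0, &one, &nil_v };
value p2 = { T_PAIR, 0, &one, &p3 };
value proper = { T_PAIR, 0, &one, &p2 };          /* (1 1 1)   */
value i2 = { T_PAIR, 0, &one, &one };
value improper = { T_PAIR, 0, &one, &i2 };        /* (1 1 . 1) */
value circular = { T_PAIR, 0, &one, &circular };  /* cdr points to itself */

int main(void)
{
    printf("%ld %ld %ld\n", checked_length(&proper),
           checked_length(&improper), checked_length(&circular));
    return 0;
}
```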