Message-ID: <CAJouXQntfKK9r8T5HtxHCeVGhdYjwW_Wk_SSa4n-KsbM5qAFZA@mail.gmail.com>
Date: Mon, 17 Apr 2017 10:35:51 -0700
From: Kenton Varda <kenton@...udflare.com>
To: Tom Lee <debian@...lee.co>, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization

Whoops, apparently I'm supposed to use the web form now. Sorry!

-Kenton

On Mon, Apr 17, 2017 at 10:32 AM, Kenton Varda <kenton@...udflare.com>
wrote:

> Hi oss-security and cve-assign,
>
> Can you assign a CVE for the following issue?
>
> Full details and fix covered here:
> https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
>
> > Discovered by Kenton Varda
>
> > Some bounds checks are elided by Apple's compiler and possibly others, leading to a possible attack especially in 32-bit builds.
>
> > Although triggered by a compiler optimization, this is a bug in Cap'n Proto, not the compiler.
>
> Thanks,
> -Kenton
>
