oss-security - CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <20170601072313.GM4590@scully.more-magic.net>
Date: Thu, 1 Jun 2017 09:23:13 +0200
From: Peter Bex <peter@...e-magic.net>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid
 pointer dereference

Hi all,

I just received my assignment of CVE-2017-9334 for this issue:

An incorrect "pair?" check in the Scheme "length" procedure results in                                                                  
an unsafe pointer dereference in all CHICKEN Scheme versions prior to                                                                   
4.13, which allows an attacker to cause a denial of service by passing                                                                  
an improper list to an application that calls "length" on it.                                                                           

Original announcement:
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html

Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

Cheers,
Peter

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.