oss-sec mailing list archives
CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures
From: Peter Bex <peter () more-magic net>
Date: Sun, 14 Aug 2016 12:50:11 +0200
Hello all,

I would like to request a CVE for a buffer overrun that was detected in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit.

CHICKEN preallocated an argument array of ARG_MAX items (or 256 if that was undefined), and an environment array of ENV_MAX items (or 1024 if that was undefined), and did not verify that the arguments or environment lists were less than this size, resulting in a buffer overrun if these lists were longer.

The full announcement can be found here: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html

The bugfix also fixed a memory leak in the same piece of code, which could potentially be used to cause a resource exhaustion/denial of service situation. Does this warrant another CVE?

The bug affects all releases of CHICKEN up to and including 4.11.

Cheers,
Peter Bex
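The pattern described in the message, as an added example (not CHICKEN's code and not its actual fix): `fill_unchecked` fills a fixed-size table from a list with no length check, and `build_vector` is one hardened alternative that sizes the array from the list and releases everything on failure. The `node` type, the function names and the 300-item input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 256                  /* fallback size quoted in the report */
struct node { const char *s; struct node *next; };  /* hypothetical string list */
static char *table[TABLE_SIZE];

static char *copy_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *c = malloc(n);
    return c ? memcpy(c, s, n) : NULL;
}

/* Unsafe pattern: nothing stops i from reaching TABLE_SIZE. Never called here. */
void fill_unchecked(const struct node *l) {
    size_t i = 0;
    for (; l != NULL; l = l->next)
        table[i++] = copy_str(l->s);    /* out of bounds once the list is too long */
    table[i] = NULL;
}

/* Release a NULL-terminated vector returned by build_vector(). */
void free_vector(char **v) {
    if (v == NULL) return;
    for (size_t i = 0; v[i] != NULL; i++) free(v[i]);
    free(v);
}

/* Hardened: capacity comes from the list itself; partial results are freed. */
char **build_vector(const struct node *l, size_t *count) {
    size_t n = 0, i = 0;
    for (const struct node *p = l; p != NULL; p = p->next) n++;
    char **v = calloc(n + 1, sizeof *v);      /* +1 for the NULL terminator */
    if (v == NULL) return NULL;
    for (const struct node *p = l; p != NULL; p = p->next, i++)
        if ((v[i] = copy_str(p->s)) == NULL) { free_vector(v); return NULL; }
    *count = n;
    return v;
}

int main(void) {
    struct node n[300];                       /* constructed input, longer than 256 */
    for (int i = 0; i < 300; i++) { n[i].s = "arg"; n[i].next = i < 299 ? &n[i + 1] : NULL; }
    size_t count = 0;
    char **v = build_vector(n, &count);
    int ok = v != NULL;
    printf("%zu items copied\n", count);
    free_vector(v);
    return ok ? 0 : 1;
}
```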