oss-sec mailing list archives
Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures
From: cve-assign () mitre org
Date: Wed, 17 Aug 2016 23:30:14 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
I would like to request a CVE for a buffer overrun that was detected in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit. CHICKEN preallocated an argument array of ARG_MAX items (or 256 if that was undefined), and an environment array of ENV_MAX items (or 1024 if that was undefined), and did not verify that the arguments or environment lists were less than this size, resulting in a buffer overrun if these lists were longer.
Use CVE-2016-6830.
The bugfix also fixed a memory leak in the same piece of code, which could potentially be used to cause resource exhaustion/denial of service situation.
a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing (e.g., if one of the arguments wasn't a string).
Does this warrant another CVE?
Yes, use CVE-2016-6831 for the memory leak. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtSRnAAoJEHb/MwWLVhi21jEQAKZvWLvq/uy2d4j31FTcH3Sx OjM5j9I+2/szLaexJcEHjQGLUL34NDem+CEizZa1lU2NXKFFlYYXE8CGDGtVyvG9 M21Dxfq6QiSJv6WacORbLawUK6txSfBajOBu+DL36lr+Y6FSejh5zxwg/97E1Z97 J+bpICS96zSUDx21rTVj6a7AT+C48vHsGXdZ214yiui6Grs1UjKEwbyJvYONJnEh qaUfZwxd1DMrp9mYLbTzC7YoaA8cpK4pa2XMj866Ek9zqd55W+IFrxTg7bapHrRY elZdeTuXyg4POQ/ZJFUkkRVUZt5Dfa5r2nhG6O6oYxCNIWcjCwNkEH3vy8Fqnstp 60tAC2Plt/F58Or5rcgBMIPckf01rolGj23EOCKihuAqZC8iXyisaTWC80Bzvx9P 9L3RBU4p956GpRvDyMONdq30bGgI5ICtpV6yJUgiuMIR3npoCkZqH8/ONSrxZjdj jPeikuZNGpzRmDqiKijG8PqXutTlnxNqiZ2sntFIzEgMrRYLtpaEqkXGJBOJiF/v NiVOPbvlnVNfkbLBj4MjFwhxD10a8Nb+VuIUJaSVAEUszFlpTCiA/cj1t3ZZb5MG bPumWrj0+22vn+C2V3KVlsevP8co68ggxydx2RYsbJ2gEQ7gkM904HFNkPfk1ZS2 CpJ18WYaF6DGQvTX6wie =BpnE -----END PGP SIGNATURE-----
Current thread:
- CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures Peter Bex (Aug 14)
- Re: CVE request for buffer overrun in CHICKEN process-execute and process-spawn posix procedures cve-assign (Aug 17)