[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overflow issue in gnuchess

From: Antti Karjalainen
Subject: Buffer overflow issue in gnuchess
Date: Thu, 29 Oct 2015 21:56:55 +0200


There seems to be a buffer overflow vulnerability in gnuchess version 6.1.1.
I think it's possible there is some remote attack vector via network play, but I haven't studied it further.

The issue can be reproduced like this:

$ gnuchess

GNU Chess 6.1.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
White (1) : 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
TimeLimit[0] = 0
TimeLimit[1] = 0
Invalid move: 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
White (1) : 11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
TimeLimit[0] = 0
TimeLimit[1] = 0
*** stack smashing detected ***: gnuchess terminated
[1] 30500 abort (core dumped) gnuchess

    BR, Antti Karjalainen

reply via email to

[Prev in Thread] Current Thread [Next in Thread]