Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8
From: Peter Bex
Subject: Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector
Date: Mon, 19 May 2014 09:18:45 +0200
User-agent: Mutt/1.4.2.3i
On Sun, May 18, 2014 at 01:27:36PM +0200, Peter Bex wrote:
> Hello CHICKEN users,
>
> A problem was found with the read-u8vector! procedure from the srfi-4
> unit, which is almost identical to CVE-2013-4385 (which related to
> the read-string! procedure, see
> https://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
> for details).
This issue has been assigned CVE-2014-3776.
Many thanks to Seth Alves for reporting the bug that led to the
discovery of the underlying problem.
Kind regards,
The CHICKEN Team