Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8

chicken-announce

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8

From:	Peter Bex
Subject:	Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector
Date:	Mon, 19 May 2014 09:18:45 +0200
User-agent:	Mutt/1.4.2.3i

On Sun, May 18, 2014 at 01:27:36PM +0200, Peter Bex wrote:
> Hello CHICKEN users,
> 
> A problem was found with the read-u8vector! procedure from the srfi-4
> unit, which is almost identical to CVE-2013-4385 (which related to
> the read-string! procedure, see 
> https://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
> for details).

This issue has been assigned CVE-2014-3776.

Many thanks to Seth Alves for reporting the bug that lead to the
discovery of the underlying problem.

Kind regards,
The CHICKEN Team

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector, Peter Bex, 2014/05/18
- Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector, Peter Bex <=

Prev by Date: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector
Previous by thread: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector
Index(es):
- Date
- Thread