[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8
Re: [Chicken-announce] [SECURITY] Buffer-overrun in some uses of read-u8vector
Mon, 19 May 2014 09:18:45 +0200
On Sun, May 18, 2014 at 01:27:36PM +0200, Peter Bex wrote:
> Hello CHICKEN users,
> A problem was found with the read-u8vector! procedure from the srfi-4
> unit, which is almost identical to CVE-2013-4385 (which related to
> the read-string! procedure, see
> for details).
This issue has been assigned CVE-2014-3776.
Many thanks to Seth Alves for reporting the bug that lead to the
discovery of the underlying problem.
The CHICKEN Team