Re: [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*
Mon, 15 Jun 2015 13:43:28 +0200
On Mon, Jun 15, 2015 at 08:41:15AM +0200, Peter Bex wrote:
> Hello CHICKEN users,
> Using gcc's Address Sanitizer, it was discovered that the string-translate*
> procedure from the data-structures unit can scan beyond the input string's
> length up to the length of the source strings in the map that's passed to
> string-translate*. This issue was fixed in master 8a46020, and it will
> make its way into CHICKEN 4.10.
> This bug is present in all released versions of CHICKEN.
> There is no known workaround, except applying the patch posted in the
> following chicken-hackers thread:
This bug has been assigned CVE-2015-4556.
The CHICKEN Team
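The bug class described in the announcement, as an added C example that is not CHICKEN's code and not the patch in 8a46020: a translate routine over a length-counted string whose comparison against a map's source string ignores how many bytes remain. The names `translate`, `struct pair`, `demo` and the `checked` flag are hypothetical, and the bytes after the logical string are constructed stand-ins for adjacent memory so the demo stays within its own buffer.

```c
#include <stdio.h>
#include <string.h>

/* One map entry: occurrences of `from` are replaced by `to`. */
struct pair { const char *from; const char *to; };

/* Translate the first `len` bytes of `in` into `out` (NUL-terminated).
 * checked == 0 models the bug class: the comparison at offset i covers
 * strlen(from) bytes without asking whether they lie inside the string. */
static size_t translate(const char *in, size_t len, const struct pair *map,
                        size_t nmap, int checked, char *out, size_t outcap)
{
    size_t i = 0, o = 0;
    if (outcap == 0) return (size_t)-1;
    while (i < len) {
        size_t k, flen = 0;
        for (k = 0; k < nmap; k++) {
            flen = strlen(map[k].from);
            if (flen == 0 || (checked && flen > len - i)) continue; /* bound check */
            if (memcmp(in + i, map[k].from, flen) == 0) break;
        }
        if (k < nmap) {                       /* matched: emit replacement */
            size_t tlen = strlen(map[k].to);
            if (o + tlen >= outcap) return (size_t)-1;
            memcpy(out + o, map[k].to, tlen);
            o += tlen; i += flen;
        } else {                              /* no match: copy one byte */
            if (o + 1 >= outcap) return (size_t)-1;
            out[o++] = in[i++];
        }
    }
    out[o] = '\0';
    return o;
}

/* Constructed input: the logical string is "ab" (len 2); bytes 2..3 of the
 * backing array stand in for whatever memory follows the string. */
static const char backing[4] = { 'a', 'b', 'X', 'Y' };
static const struct pair demo_map[] = { { "bXY", "!" } };

static size_t demo(int checked, char *out, size_t cap) {
    return translate(backing, 2, demo_map, 1, checked, out, cap);
}

int main(void) {
    char out[8];
    demo(0, out, sizeof out); printf("unchecked: %s\n", out);
    demo(1, out, sizeof out); printf("checked:   %s\n", out);
    return 0;
}
```

The unchecked run matches "bXY" against bytes past the two-byte string, which is the kind of read Address Sanitizer reports when those bytes fall outside the allocation.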