
Re: [Chicken-announce] [SECURITY] Potential buffer overrun in string-tra

From: Peter Bex
Subject: Re: [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*
Date: Mon, 15 Jun 2015 13:43:28 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Jun 15, 2015 at 08:41:15AM +0200, Peter Bex wrote:
> Hello CHICKEN users,
> Using gcc's Address Sanitizer, it was discovered that the string-translate*
> procedure from the data-structures unit can scan beyond the input string's
> length up to the length of the source strings in the map that's passed to
> string-translate*.  This issue was fixed in master 8a46020, and it will
> make its way into CHICKEN 4.10.
> This bug is present in all released versions of CHICKEN.
> There is no known workaround, except applying the patch posted in the
> following chicken-hackers thread:

This bug has been assigned CVE-2015-4556.

Kind regards,

Attachment: signature.asc
Description: Digital signature
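
The bug class described in the announcement (comparing a map's source string against the input without first checking how much input remains) can be illustrated with a bounded matcher in C. This is an added example, not CHICKEN's code or the referenced patch; `struct mapping`, `match_at`, `translate_bounded` and the first-matching-entry-wins behaviour are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical map entry: occurrences of `from` are replaced by `to`. */
struct mapping {
    const char *from; size_t from_len;
    const char *to;   size_t to_len;
};

/* 1 if `from` occurs in `in` at `pos`. The remaining-length check runs
   before memcmp, so no byte at or beyond in[in_len] is ever read. */
static int match_at(const char *in, size_t in_len, size_t pos,
                    const char *from, size_t from_len)
{
    if (from_len == 0 || pos >= in_len || from_len > in_len - pos)
        return 0;
    return memcmp(in + pos, from, from_len) == 0;
}

/* Translates in[0..in_len) into out (capacity out_cap). Returns the number
   of bytes written, or (size_t)-1 if out is too small. */
size_t translate_bounded(const char *in, size_t in_len,
                         const struct mapping *map, size_t n_map,
                         char *out, size_t out_cap)
{
    size_t pos = 0, w = 0;
    while (pos < in_len) {
        size_t i;
        for (i = 0; i < n_map; i++)
            if (match_at(in, in_len, pos, map[i].from, map[i].from_len))
                break;
        if (i < n_map) {                 /* first matching entry wins */
            if (map[i].to_len > out_cap - w)
                return (size_t)-1;
            memcpy(out + w, map[i].to, map[i].to_len);
            w += map[i].to_len;
            pos += map[i].from_len;
        } else {                         /* no entry matches: copy one byte */
            if (w >= out_cap)
                return (size_t)-1;
            out[w++] = in[pos++];
        }
    }
    return w;
}
```

Passing the first three bytes of a four-byte buffer holding `abcd` with a map entry for `bcd` shows the difference: a matcher without the length check would compare across the end of the input, while this one leaves `bc` untranslated.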
