Re: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SR

chicken-announce

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SR

From:	Peter Bex
Subject:	Re: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors
Date:	Thu, 16 Mar 2017 17:35:18 +0100
User-agent:	Mutt/1.5.23 (2014-03-12)

On Wed, Mar 15, 2017 at 08:44:59PM +0100, Peter Bex wrote:
> Hi all,
> 
> Our user "Lemonboy" has found a vulnerability in CHICKEN's SRFI-4
> constructors, when using a nonstandard extension; the "NONGC" argument
> to make-[su]{8,16,32}vector.  This argument will allocate a uniform
> bytevector in unmanaged memory (not subject to garbage collection),
> by using malloc().

This issue has been assigned CVE-2017-6949.

Regards,
The CHICKEN Team

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors, Peter Bex, 2017/03/15
- Re: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors, Peter Bex <=

Prev by Date: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors
Previous by thread: [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors
Index(es):
- Date
- Thread