Re: [Chicken-announce] [SECURITY] Vulnerability to algorithmic complexit

From: Peter Bex
Subject: Re: [Chicken-announce] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table
Date: Mon, 17 Jul 2017 08:48:17 +0200
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Jul 16, 2017 at 08:32:03PM +0200, Peter Bex wrote:
> The code that sets up the initial symbol table is run _before_
> initializing the PRNG, which means the randomization factor uses
> the initial libc seed state.  On most libc implementations this
> means the symbol table randomization factor is a constant value
> which does not differ between runs.

This issue has been assigned CVE-2017-11343.


Attachment: signature.asc
Description: PGP signature
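
The ordering problem described in the quoted advisory, as an added C example that is not part of the original message and is not CHICKEN's code. It assumes the randomization factor is drawn from libc `rand()`/`srand()`; all function names and the toy hash are hypothetical.

```c
/* Added illustration; every name here is hypothetical, not CHICKEN's code. */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

static unsigned int table_factor; /* per-process hash randomization factor */

/* Draws the factor from the libc PRNG in whatever state it is in right now. */
static void init_symbol_table(void) { table_factor = (unsigned int)rand(); }

static void init_prng(unsigned int seed) { srand(seed); }

/* Seeded string hash: which bucket a symbol lands in depends on table_factor. */
static unsigned int symbol_bucket(const char *name, unsigned int nbuckets) {
    unsigned int h = table_factor;
    while (*name) h = h * 31u + (unsigned char)*name++;
    return h % nbuckets;
}

/* srand(1) stands in for a fresh process: the C standard specifies that
   rand() called before any srand() behaves as if srand(1) had been called. */
static unsigned int startup_buggy(unsigned int seed) {
    srand(1);
    init_symbol_table();   /* factor taken from the default seed state */
    init_prng(seed);       /* seeding happens too late to affect it */
    return table_factor;
}

static unsigned int startup_fixed(unsigned int seed) {
    srand(1);
    init_prng(seed);       /* seed first */
    init_symbol_table();   /* factor now depends on the per-run seed */
    return table_factor;
}

int main(void) {
    unsigned int seed = (unsigned int)time(NULL); /* constructed per-run seed */
    unsigned int f = startup_buggy(seed);
    printf("buggy order: factor=%u bucket=%u\n", f, symbol_bucket("car", 1024u));
    f = startup_fixed(seed);
    printf("fixed order: factor=%u bucket=%u\n", f, symbol_bucket("car", 1024u));
    return 0;
}
```

Run twice a few seconds apart, the buggy-order line prints the same factor and bucket both times, while the fixed-order line changes with the seed.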