Attachment #157968 for bug #200980

View | Details | Raw Unified | Return to bug 200980 | Differences between
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="0da404ad-1891-11e5-a1cf-002590263bf5">
    <topic>chicken -- Potential buffer overrun in string-translate*</topic>
    <affects>
      <package>
	<name>chicken</name>
	<range><lt>4.10.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>chicken developer Peter Bex reports:</p>
	<blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html">
	  <p>Using gcc's Address Sanitizer, it was discovered that the string-translate*
	    procedure from the data-structures unit can scan beyond the input string's
	    length up to the length of the source strings in the map that's passed to
	    string-translate*.	This issue was fixed in master 8a46020, and it will
	    make its way into CHICKEN 4.10.</p>
	  <p>This bug is present in all released versions of CHICKEN.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-4556</cvename>
      <mlist>http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html</mlist>
      <mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html</mlist>
    </references>
    <dates>
      <discovery>2015-06-15</discovery>
      <entry>2015-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="e7b7f2b5-177a-11e5-ad33-f8d111029e6a">
    <topic>chicken -- buffer overrun in substring-index[-ci]</topic>
    <affects>
      <package>
	<name>chicken</name>
	<range><lt>4.10.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>chicken developer Moritz Heidkamp reports:</p>
	<blockquote cite="http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html">
	  <p>The substring-index[-ci] procedures of the data-structures unit are
	    vulnerable to a buffer overrun attack when passed an integer greater
	    than zero as the optional START argument.</p>
	  <p>As a work-around you can switch to SRFI 13's
	    string-contains procedure which also returns the substring's index in
	    case it is found.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9651</cvename>
      <mlist>http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html</mlist>
      <mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt</mlist>
    </references>
    <dates>
      <discovery>2015-01-12</discovery>
      <entry>2015-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
    <topic>p5-Dancer -- possible to abuse session cookie values</topic>
    <affects>

Return to bug 200980

Lines 57-62 Link Here

(-)vuln.xml (+64 lines)
57		57
58	-->	58	-->
59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		60	<vuln vid="0da404ad-1891-11e5-a1cf-002590263bf5">
		61	<topic>chicken -- Potential buffer overrun in string-translate*</topic>
		62	<affects>
		63	<package>
		64	<name>chicken</name>
		65	<range><lt>4.10.0</lt></range>
		66	</package>
		67	</affects>
		68	<description>
		69	<body xmlns="http://www.w3.org/1999/xhtml">
		70	<p>chicken developer Peter Bex reports:</p>
		71	<blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html">
		72	<p>Using gcc's Address Sanitizer, it was discovered that the string-translate*
		73	procedure from the data-structures unit can scan beyond the input string's
		74	length up to the length of the source strings in the map that's passed to
		75	string-translate*. This issue was fixed in master 8a46020, and it will
		76	make its way into CHICKEN 4.10.</p>
		77	<p>This bug is present in all released versions of CHICKEN.</p>
		78	</blockquote>
		79	</body>
		80	</description>
		81	<references>
		82	<cvename>CVE-2015-4556</cvename>
		83	<mlist>http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html</mlist>
		84	<mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html</mlist>
		85	</references>
		86	<dates>
		87	<discovery>2015-06-15</discovery>
		88	<entry>2015-06-20</entry>
		89	</dates>
		90	</vuln>
		91
		92	<vuln vid="e7b7f2b5-177a-11e5-ad33-f8d111029e6a">
		93	<topic>chicken -- buffer overrun in substring-index[-ci]</topic>
		94	<affects>
		95	<package>
		96	<name>chicken</name>
		97	<range><lt>4.10.0</lt></range>
		98	</package>
		99	</affects>
		100	<description>
		101	<body xmlns="http://www.w3.org/1999/xhtml">
		102	<p>chicken developer Moritz Heidkamp reports:</p>
		103	<blockquote cite="http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html">
		104	<p>The substring-index[-ci] procedures of the data-structures unit are
		105	vulnerable to a buffer overrun attack when passed an integer greater
		106	than zero as the optional START argument.</p>
		107	<p>As a work-around you can switch to SRFI 13's
		108	string-contains procedure which also returns the substring's index in
		109	case it is found.</p>
		110	</blockquote>
		111	</body>
		112	</description>
		113	<references>
		114	<cvename>CVE-2014-9651</cvename>
		115	<mlist>http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html</mlist>
		116	<mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt</mlist>
		117	</references>
		118	<dates>
		119	<discovery>2015-01-12</discovery>
		120	<entry>2015-06-22</entry>
		121	</dates>
		122	</vuln>
		123
60	<vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">	124	<vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
61	<topic>p5-Dancer -- possible to abuse session cookie values</topic>	125	<topic>p5-Dancer -- possible to abuse session cookie values</topic>
62	<affects>	126	<affects>