FreeBSD Bugzilla – Attachment 157968 Details for
Bug 200980
lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml entry to document both CVE-2015-4556 and CVE-2015-9651
chicken_vuxml.diff (text/plain), 2.88 KB, created by
Jason Unovitch
on 2015-06-22 04:27:44 UTC
(
hide
)
Description:
security/vuxml entry to document both CVE-2015-4556 and CVE-2015-9651
Filename:
MIME Type:
Creator:
Jason Unovitch
Created:
2015-06-22 04:27:44 UTC
Size:
2.88 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 390180) >+++ vuln.xml (working copy) >@@ -57,6 +57,70 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="0da404ad-1891-11e5-a1cf-002590263bf5"> >+ <topic>chicken -- Potential buffer overrun in string-translate*</topic> >+ <affects> >+ <package> >+ <name>chicken</name> >+ <range><lt>4.10.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>chicken developer Peter Bex reports:</p> >+ <blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html"> >+ <p>Using gcc's Address Sanitizer, it was discovered that the string-translate* >+ procedure from the data-structures unit can scan beyond the input string's >+ length up to the length of the source strings in the map that's passed to >+ string-translate*. This issue was fixed in master 8a46020, and it will >+ make its way into CHICKEN 4.10.</p> >+ <p>This bug is present in all released versions of CHICKEN.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-4556</cvename> >+ <mlist>http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html</mlist> >+ <mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html</mlist> >+ </references> >+ <dates> >+ <discovery>2015-06-15</discovery> >+ <entry>2015-06-20</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="e7b7f2b5-177a-11e5-ad33-f8d111029e6a"> >+ <topic>chicken -- buffer overrun in substring-index[-ci]</topic> >+ <affects> >+ <package> >+ <name>chicken</name> >+ <range><lt>4.10.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>chicken developer Moritz Heidkamp reports:</p> >+ <blockquote cite="http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html"> >+ <p>The substring-index[-ci] procedures of the data-structures unit are >+ vulnerable to a buffer overrun attack when passed an integer greater >+ than zero as the optional START argument.</p> >+ <p>As a work-around you can switch to SRFI 13's >+ string-contains procedure which also returns the substring's index in >+ case it is found.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2014-9651</cvename> >+ <mlist>http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html</mlist> >+ <mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt</mlist> >+ </references> >+ <dates> >+ <discovery>2015-01-12</discovery> >+ <entry>2015-06-22</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4"> > <topic>p5-Dancer -- possible to abuse session cookie values</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=157968">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 200980
:
157898
|
157947
|
157966
|
157968
|
157976
|
158375
|
158401
|
159285
|
159286
|
159287