[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-announce] [SECURITY] Potential buffer overrun in string-tra
From: |
Peter Bex |
Subject: |
Re: [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate* |
Date: |
Mon, 15 Jun 2015 13:43:28 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Mon, Jun 15, 2015 at 08:41:15AM +0200, Peter Bex wrote:
> Hello CHICKEN users,
>
> Using gcc's Address Sanitizer, it was discovered that the string-translate*
> procedure from the data-structures unit can scan beyond the input string's
> length up to the length of the source strings in the map that's passed to
> string-translate*. This issue was fixed in master 8a46020, and it will
> make its way into CHICKEN 4.10.
>
> This bug is present in all released versions of CHICKEN.
>
> There is no known workaround, except applying the patch posted in the
> following chicken-hackers thread:
> http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html
This bug has been assigned CVE-2015-4556.
Kind regards,
The CHICKEN Team
signature.asc
Description: Digital signature