Name: Anonymous 2014-05-29 12:44
WE ARE FUCKED GUYS NOT EVEN LISP IS SAFE ANYMORE
https://www.us-cert.gov/ncas/bulletins/SB14-146
call-cc -- chicken Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3776
* CVSS Version 2 Metrics:
* Access Vector: Network exploitable
* Access Complexity: Low
* Authentication: Not required to exploit
* Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Hi hackers,
I believe issue #1124[1] is due to a missing bounds check in
`read-u8vector!`.
Currently, its read size is bounded according to the destination
u8vector's size when a length argument is given, but not when false is
passed for the length instead, leading to a possible buffer overrun. The
attached patch ensures this check is performed for both cases.
This problem (and the fix) is nearly identical to one that was found and
fixed in `read-string!` last year[2], via cd1b977. The patch doesn't
update NEWS yet since, as with CVE-2013-4385, this has security
implications and I think it should be included in the stable release as
well.
WHO ELSE READY TO INNAWOODS HERE??
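The bounds-check gap described in the quoted message, as an added C sketch (not CHICKEN's code and not the attached patch): the read size is clamped to the destination only when a length is given, and the corrected form clamps in both cases. `struct port`, `NO_LIMIT` (standing in for `#f`) and all function names are hypothetical, and the input bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an input port: a byte source with a cursor. */
struct port { const unsigned char *data; size_t len, pos; };

#define NO_LIMIT ((size_t)-1)   /* models passing #f for the length */

/* Flawed policy from the post: the request is clamped to the destination
   only when a length was given; NO_LIMIT means "all available input". */
static size_t count_unchecked(size_t dest_len, size_t start, size_t n, size_t avail) {
    if (n != NO_LIMIT) {
        size_t room = start < dest_len ? dest_len - start : 0;
        if (n > room) n = room;
        return n < avail ? n : avail;
    }
    return avail;               /* may exceed dest_len - start */
}

/* Corrected policy: clamp to the remaining room in both cases. */
static size_t count_checked(size_t dest_len, size_t start, size_t n, size_t avail) {
    size_t room = start < dest_len ? dest_len - start : 0;
    if (n == NO_LIMIT || n > room) n = room;
    return n < avail ? n : avail;
}

/* Read into dest[start..] using the corrected policy; returns bytes copied. */
size_t read_bytes_checked(struct port *p, unsigned char *dest, size_t dest_len,
                          size_t start, size_t n) {
    size_t got = count_checked(dest_len, start, n, p->len - p->pos);
    if (got) memcpy(dest + start, p->data + p->pos, got);
    p->pos += got;
    return got;
}

/* Constructed case: 32 bytes of input, 8-byte destination, no length given.
   Only the size is computed here; nothing is copied with the flawed policy. */
size_t demo_overrun_size(void) { return count_unchecked(8, 0, NO_LIMIT, 32); }

/* Same case through the corrected read, with a canary byte after the buffer. */
size_t demo_safe_read(void) {
    static const unsigned char input[32] = {1, 2, 3, 4, 5, 6, 7, 8, 9};
    unsigned char dest[8 + 1] = {0};
    dest[8] = 0xAA;             /* canary just past the 8-byte destination */
    struct port p = { input, sizeof input, 0 };
    size_t got = read_bytes_checked(&p, dest, 8, 0, NO_LIMIT);
    return dest[8] == 0xAA ? got : (size_t)-1;
}
```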