[3.5] chicken: unchecked size argument in malloc() (CVE-2017-6949)
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a
nonstandard CHICKEN-specific extension to
allocate an SRFI-4 vector in unmanaged memory, the vector size would be
used in unsanitised form as an argument to malloc().
With an unexpected size, the impact may have been a segfault or buffer
overflow.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6949
http://openwall.com/lists/oss-security/2017/03/16/10
(from redmine: issue id 7032, created on 2017-03-17, closed on 2019-05-04)
- Relations:
- parent #7030