chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)
An incorrect “pair?” check in the Scheme “length” procedure results in
an unsafe pointer dereference in all CHICKEN Scheme versions prior to
4.13, which allows an attacker to cause a denial of service by passing
an improper list to an application that calls “length” on it.
Fixed In Version:
chicken 4.13
http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334
Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt
(from redmine: issue id 7401, created on 2017-06-09, closed on 2017-06-15)
- Relations:
- child #7402 (closed)
- child #7403 (closed)
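
The class of check described above, as an added C example that is not CHICKEN's runtime code or the linked patch: a list-length walk that verifies each cell is a pair before following its cdr, so an improper or cyclic list yields an error code instead of a bad dereference. The object model and the names `struct obj`, `checked_length`, `LEN_IMPROPER` and `LEN_CYCLIC` are hypothetical, and the sample lists are constructed.

```c
#include <stdio.h>

/* Constructed toy object model for illustration; not CHICKEN's real layout. */
enum tag { TAG_NIL, TAG_FIXNUM, TAG_PAIR };

struct obj {
    enum tag tag;
    union {                       /* only the member matching `tag` is valid */
        long fixnum;
        struct { struct obj *car, *cdr; } pair;
    } u;
};

enum { LEN_IMPROPER = -1, LEN_CYCLIC = -2 };

static int is_pair(const struct obj *o) { return o != NULL && o->tag == TAG_PAIR; }

/* Returns the length of a proper list, or a negative error code.
 * Reading u.pair.cdr from a non-pair would reinterpret unrelated bytes as a
 * pointer, so every cdr access below is guarded by is_pair() on that cell. */
long checked_length(const struct obj *lst)
{
    const struct obj *slow = lst, *fast = lst;
    long n = 0;

    for (;;) {
        if (slow != NULL && slow->tag == TAG_NIL)
            return n;                         /* proper end of list */
        if (!is_pair(slow))
            return LEN_IMPROPER;              /* e.g. (1 2 . 3) or a non-list */
        for (int i = 0; i < 2 && is_pair(fast); i++)
            fast = fast->u.pair.cdr;          /* hare: up to two checked steps */
        slow = slow->u.pair.cdr;              /* tortoise: one checked step */
        n++;
        if (is_pair(fast) && fast == slow)
            return LEN_CYCLIC;                /* hare caught the tortoise */
    }
}

int main(void)
{
    /* Constructed improper list (_ _ . 3): the final cdr is a fixnum. */
    struct obj three = { .tag = TAG_FIXNUM, .u.fixnum = 3 };
    struct obj b = { .tag = TAG_PAIR, .u.pair = { NULL, &three } };
    struct obj a = { .tag = TAG_PAIR, .u.pair = { NULL, &b } };
    printf("length of (_ _ . 3): %ld\n", checked_length(&a));
    return 0;
}
```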