[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] [Chicken-announce] [SECURITY] Unchecked malloc size
From: |
Peter Bex |
Subject: |
Re: [Chicken-users] [Chicken-announce] [SECURITY] Unchecked malloc size in "external" SRFI-4 vector constructors |
Date: |
Thu, 16 Mar 2017 17:35:18 +0100 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Mar 15, 2017 at 08:44:59PM +0100, Peter Bex wrote:
> Hi all,
>
> Our user "Lemonboy" has found a vulnerability in CHICKEN's SRFI-4
> constructors, when using a nonstandard extension; the "NONGC" argument
> to make-[su]{8,16,32}vector. This argument will allocate a uniform
> bytevector in unmanaged memory (not subject to garbage collection),
> by using malloc().
This issue has been assigned CVE-2017-6949.
Regards,
The CHICKEN Team
signature.asc
Description: Digital signature