| Summary: |
<dev-scheme/chicken-4.13.0-r1: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
ewfalor, maksbotan, proxy-maint, scheme
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://bugzilla.redhat.com/show_bug.cgi?id=1457675
|
| Whiteboard: |
B3 [noglsa cve] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
| Bug Depends on: |
625392
|
|
|
| Bug Blocks: |
591378, 612910
|
|
|
From ${URL} : An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. Reference: https://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.