PT-2017-17417 · Chicken · Chicken Scheme

Publicado

2017-03-16

Atualizado

2017-04-05

CVE-2017-6949

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CHICKEN Scheme versions prior to 4.12.0

Description An issue was discovered when using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory. The vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.

Recommendations For versions prior to 4.12.0, update to version 4.12.0 or later to resolve the issue.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-6949

DLA-908-1

Produtos afetados

Chicken Scheme

PT-2017-17417 · Chicken · Chicken Scheme

CVE-2017-6949

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9