Bug 1099613 (CVE-2014-3776) - CVE-2014-3776 chicken: buffer overflow in "read-u8vector!" procedure leads to DoS or arbitrary code exec
Status: CLOSED ERRATA
Alias: CVE-2014-3776
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1099614 1099615
Reported: 2014-05-20 18:17 UTC by Vincent Danen
Modified: 2019-09-29 13:17 UTC (History)

Fixed In Version: chicken 4.9.1, chicken 4.8.0.7
Last Closed: 2014-08-11 22:08:03 UTC



Description Vincent Danen 2014-05-20 18:17:02 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3776 to
the following vulnerability:

Name: CVE-2014-3776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3776
Assigned: 20140519
Reference: http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html
Reference: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
Reference: http://seclists.org/oss-sec/2014/q2/328
Reference: http://seclists.org/oss-sec/2014/q2/334
Reference: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
Reference: https://bugs.call-cc.org/ticket/1124
Reference: http://www.securityfocus.com/bid/67468

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit
in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1
allows remote attackers to cause a denial of service (memory
corruption and application crash) and possibly execute arbitrary code
via a "#f" value in the NUM argument.

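The description above only says that passing #f as NUM to read-u8vector! overflows the destination; the srfi-4 code path itself is not reproduced on this page. The following is an added example, not CHICKEN's code and not part of the original report: a constructed C model of that bug class, a "read bytes into a vector" routine whose "fill the whole vector" sentinel (#f in CHICKEN, modelled here as a negative count) skips the clamp to the destination size, shown beside a hardened form that derives the limit from the destination in every case. The port type, function names and the assumption about the exact mechanism are all illustrative.

```c
/* Added example, not CHICKEN's code: a constructed C model of the bug class
 * described above. The "fill the whole vector" sentinel (CHICKEN's #f,
 * modelled here as num < 0) skips the clamp to the destination size.
 * The exact srfi-4 code path is not on this page, so the mechanism is an
 * assumption; the names below are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory "port": a byte source with a read position. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} port_t;

/* Copy up to n bytes from the port into buf; returns the count copied. */
static size_t port_read(port_t *p, uint8_t *buf, size_t n) {
    size_t avail = p->len - p->pos;
    if (n > avail) n = avail;
    memcpy(buf, p->data + p->pos, n);
    p->pos += n;
    return n;
}

/* Vulnerable shape: the clamp only runs when an explicit count is given. */
size_t read_u8vector_vuln(uint8_t *dest, size_t dest_size, long num,
                          size_t start, port_t *p) {
    size_t n;
    if (num >= 0) {
        n = (size_t)num;
        if (start + n > dest_size) n = dest_size - start;  /* clamped here... */
    } else {
        n = p->len - p->pos;  /* ...but not here: "read all" ignores dest_size */
    }
    return port_read(p, dest + start, n);
}

/* Hardened shape: the limit always derives from the destination, and a start
 * offset beyond the vector is rejected instead of underflowing the room left. */
int read_u8vector_safe(uint8_t *dest, size_t dest_size, long num,
                       size_t start, port_t *p, size_t *got) {
    if (start > dest_size) return -1;
    size_t room = dest_size - start;
    size_t n = (num < 0) ? room : (size_t)num;  /* sentinel -> rest of vector */
    if (n > room) n = room;
    *got = port_read(p, dest + start, n);
    return 0;
}

/* Each demo declares an 8-byte vector inside a 16-byte backing store filled
 * with 0xCC; bytes 8..15 act as a canary so the overflow is observable without
 * writing outside memory the program owns. Source: 12 constructed 'A' bytes. */
static void setup(uint8_t *src, uint8_t *backing, port_t *p) {
    memset(src, 'A', 12);
    memset(backing, 0xCC, 16);
    p->data = src; p->len = 12; p->pos = 0;
}

int demo_vuln_clobbers_canary(void) {
    uint8_t src[12], backing[16]; port_t p;
    setup(src, backing, &p);
    size_t got = read_u8vector_vuln(backing, 8, -1, 0, &p);
    return got == 12 && backing[8] == 'A';  /* 4 bytes landed past the vector */
}

int demo_safe_stays_in_bounds(void) {
    uint8_t src[12], backing[16]; port_t p; size_t got = 0;
    setup(src, backing, &p);
    int rc = read_u8vector_safe(backing, 8, -1, 0, &p, &got);
    return rc == 0 && got == 8 && backing[7] == 'A' && backing[8] == 0xCC;
}

int demo_safe_rejects_bad_start(void) {
    uint8_t src[12], backing[16]; port_t p; size_t got = 0;
    setup(src, backing, &p);
    return read_u8vector_safe(backing, 8, -1, 9, &p, &got) == -1 && got == 0;
}

int main(void) {
    printf("vulnerable path clobbers canary: %d\n", demo_vuln_clobbers_canary());
    printf("hardened path stays in bounds:   %d\n", demo_safe_stays_in_bounds());
    printf("hardened path rejects bad start: %d\n", demo_safe_rejects_bad_start());
    return 0;
}
```

The canary slack is the practical check: when auditing a fix for this class of bug, feed the "read everything" sentinel with a source longer than the destination and confirm nothing past the declared size changes, and also try a start offset past the end, since a clamp written as dest_size - start underflows there.
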
Comment 1 Vincent Danen 2014-05-20 18:19:55 UTC
Created chicken tracking bugs for this issue:

Affects: fedora-all [bug 1099614]
Affects: epel-6 [bug 1099615]

Comment 2 Fedora Update System 2014-08-08 00:41:24 UTC
chicken-4.8.0.6-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2014-08-08 08:37:12 UTC
chicken-4.8.0.6-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2014-08-08 08:37:40 UTC
chicken-4.8.0.6-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

