Bug 1395209 (CVE-2015-8972) - CVE-2015-8972 gnuchess: Stack-based buffer overflow on user move input
Summary: CVE-2015-8972 gnuchess: Stack-based buffer overflow on user move input
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-8972
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1395210
Reported: 2016-11-15 12:13 UTC by Adam Mariš
Modified: 2019-09-29 13:59 UTC

Fixed In Version: gnuchess 6.2.4
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-17 08:53:08 UTC
Embargoed:


Description Adam Mariš 2016-11-15 12:13:38 UTC
A stack-based buffer overflow that can be triggered by supplying user move input larger than 128 bytes was found in gnuchess.

Upstream bug report:

https://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html

Upstream patch:

http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134

CVE assignment:

http://seclists.org/oss-sec/2016/q4/426
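
The bug class described above, as an added example that is not gnuchess code and not part of the original report: a copy whose length is driven by the input next to a length-checked form that rejects overlong move input. The 128-byte size comes from the report; the function names, the status enum and the use of `strcpy` in the unsafe variant are assumptions, since the page does not show the affected code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MOVE_BUF_SIZE 128 /* size from the report; all names here are hypothetical */

enum move_status { MOVE_OK = 0, MOVE_TOO_LONG = -1, MOVE_BAD_ARG = -2 };

/* Unsafe pattern (assumed, for contrast): the copy length is set by the
 * input, not by the destination. Never called in this example. */
void store_move_unsafe(char dst[MOVE_BUF_SIZE], const char *input)
{
    strcpy(dst, input); /* writes past dst when input does not fit */
}

/* Hardened form: measure first, then reject overlong input instead of
 * truncating it (a truncated move could parse as a different move). */
enum move_status store_move_checked(char *dst, size_t dst_size, const char *input)
{
    size_t len;

    if (dst == NULL || input == NULL || dst_size == 0)
        return MOVE_BAD_ARG;

    /* Bounded scan: never reads more than dst_size bytes of input. */
    for (len = 0; len < dst_size && input[len] != '\0'; len++)
        ;
    if (len >= dst_size) {       /* no room left for the terminating NUL */
        dst[0] = '\0';
        return MOVE_TOO_LONG;
    }
    memcpy(dst, input, len + 1); /* len + 1 <= dst_size, copies the NUL too */
    return MOVE_OK;
}

int main(void)
{
    char move[MOVE_BUF_SIZE];
    char oversized[300];         /* constructed sample input */

    memset(oversized, 'a', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("e2e4      -> %d\n", store_move_checked(move, sizeof move, "e2e4"));
    printf("299 chars -> %d\n", store_move_checked(move, sizeof move, oversized));
    return 0;
}
```
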

Comment 1 Gwyn Ciesla 2016-11-15 13:43:44 UTC
6.2.4 is in rawhide, stable f24 and f23.  The update is on its way to stable in f25.

Comment 2 Martin Prpič 2016-11-16 07:51:10 UTC
(In reply to Jon Ciesla from comment #1)
> 6.2.4 is in rawhide, stable f24 and f23.  The update is on its way to
> stable in f25.

Please do not close bugs against the Security Response component. This bug tracks the issue across many products, not just Fedora.

